WordPress 漏洞列表
共找到 1000 个与 WordPress 相关的漏洞
- 2025-12-19WordPress AI Engine /wp-json/mcp/v1 信息泄露漏洞(CVE-2025-11749)
- 2025-12-19WordPress wp-event-solution 插件 /wp-admin/admin-ajax.php 文件读取漏洞(CVE-2025-47445)
- POC 2025-12-12CVE-2019-17671: WordPress <= 5.2.4 - Unauthenticated View Private/Draft Posts
- POC 2025-12-12CVE-2024-39646: WordPress Custom 404 Pro <= 3.11.1 - Reflected XSS
- POC 2025-12-12CVE-2024-6220: WordPress Keydatas ≤ 2.5.2 - Arbitrary File Upload
- POC 2025-12-12CVE-2025-47445: WordPress Eventin (Themewinter) ≤ 4.0.26 - Arbitrary File Download
- POC 2025-12-12wp-easy-google-fonts-log-disclosure: WordPress Easy Google Fonts - Error Log Disclosure
- POC 2025-12-12wp-importer-log-disclosure: WordPress Importer - Error Log Disclosure
- POC 2025-12-12wp-buddypress-open-redirect: WordPress BuddyPress < 2.9.2 - Authenticated Open Redirect
- POC 2025-12-12wp-woocommerce-admin-fpd: WordPress Plugin WooCommerce Admin (woocommerce-admin) Full Path Disclosure
- POC 2025-12-02CVE-2019-25213: WordPress Advanced Access Manager - Path Traversal
- POC 2025-12-02CVE-2021-36888: WordPress Image Hover Ultimate - Unauthenticated Settings Update
- POC 2025-12-02CVE-2022-33198: WordPress Accordions - Unauthenticated Settings Update
- POC 2025-12-02CVE-2023-5815: News & Blog Designer Pack – WordPress Blog Plugin <= 3.4.1 - Unauthenticated Local File Inclusion
- POC 2025-12-02wp-twenty-theme-fpd: WordPress Twenty Seventeen - Full Path Disclosure
- POC 2025-12-02wp-twentysixteen-fpd: WordPress Twenty Sixteen - Full Path Disclosure
- POC 2025-11-21CVE-2017-14725: WordPress < 4.8.2 - Authenticated Open Redirect
- POC 2025-11-21CVE-2017-17092: WordPress < 4.9.1 - Authenticated JavaScript File Upload
- POC 2025-11-21wp-security-hidden-login-exposure: WordPress All-in-One Security <=4.4.1 - Hidden Login Page Exposure
- 2025-11-18WordPress Kognetiks Chatbot for WordPress <= 2.0.0 任意文件上传漏洞
- 2025-11-18WordPress Verbalize WP 存在任意文件上传漏洞(CVE-2024-49668)
- POC 2025-11-14CVE-2021-4374: WordPress Automatic Plugin - Unauthenticated Options Change
- POC 2025-11-14CVE-2025-11749: WordPress AI Engine Plugin - Token Exposure
- 2025-11-14WordPress WooCommerce Designer Pro 插件 /wp-admin/admin-ajax.php wcdp_save_canvas_design_ajax 文件上传漏洞(CVE-2025-6440)
- POC 2025-11-11CVE-2025-4302: Stop User Enumeration WordPress plugin - Authentication Bypass
- 2025-11-07WordPress Google for WooCommerce /wp-content/plugins/google-listings-and-ads/vendor/googleads/google-ads-php/scripts/print_php_information.php 信息泄露漏洞(CVE-2024-10486)
- 2025-11-07WordPress Events Manager /wp-admin/admin-ajax.php SQL 注入漏洞(CVE-2025-6970)
- 2025-10-17wordpress /wp-json/wp/v2/users 信息泄露漏洞
- 2025-10-17(CVE-2015-10139)WPLMS WordPress主题权限提升漏洞
- 2025-10-14WordPress plugin WP JobHunt 跨站脚本漏洞
- 2025-10-09(CVE-2025-8085)Ditty WordPress插件displayItems端点未授权访问漏洞
- 2025-09-26WordPress Featured Image from URL plugin信息泄露漏洞(CVE-2025-9985)
- 2025-09-19Wordpress Plugin Depicter /wp-admin/admin-ajax.php depicter-lead-list SQL 注入漏洞(CVE-2025-2011)
- 2025-09-19Wordpress Plugin Eventin /wp-admin/admin-ajax.php proxy_image 文件读取漏洞(CVE-2025-3419)
- 2025-09-19Wordpress Plugin Ultimate Auction Pro /wp-admin/admin-ajax.php uwa_see_more_bids_ajax SQL 注入漏洞 (CVE-2025-4204)
- 2025-09-19Wordpress WooCommerce Ultimate Gift Card /wp-admin/admin-ajax.php mwb_wgm_preview_mail 文件上传漏洞(CVE-2024-8425)
- 2025-09-11WordPress Ditty 存在 SSRF 漏洞(CVE-2025-8085)
- 2025-09-02WordPress plugin Events Addon for Elementor 跨站脚本漏洞
- 2025-09-02WordPress plugin Related Posts Lite 跨站请求伪造漏洞
- 2025-09-02WordPress plugin TablePress 跨站脚本漏洞
- 2025-09-02WordPress plugin Ocean Extra 跨站脚本漏洞
- 2025-09-01CVE-2019-19985: WordPress Plugin Email Subscribers & Newsletters 4.2.2 - Unauthenticated File Download
- 2025-09-01wordpress-ext-adaptive-images-lfi: Wordpress Ext Adaptive Images lfi
- 2025-09-01wordpress-ext-mailpress-rce: Wordpress Ext Mailpress RCE
- 2025-09-01wordpress-install: WordPress Exposed Installation
- 2025-09-01wordpress-wpconfig-inclosure: Wordpress wpconfig disclosure
- 2025-08-29WordPress plugin Xagio SEO 信息泄露漏洞
- 2025-08-25WordPress Ajar in5 Embed 插件 /wp-admin/admin-ajax.php in5 文件上传漏洞(CVE-2024-50473)
- 2025-08-22WordPress JS Help Desk /wp-admin/admin.php 代码执行漏洞(CVE-2024-7094)
- 2025-08-22WordPress InstaWP Connect 插件 / rest_route 文件上传漏洞(CVE-2024-2667)
- 2025-08-21WordPress Business Directory 插件 /business-directory SQL 注入漏洞(CVE-2024-4443)
- 2025-08-21WordPress Automatic 插件 /wp-content/plugins/wp-automatic/inc/csv.php SQL 注入漏洞(CVE-2024-27956)
- 2025-08-21WordPress Plugin email-subscribers /wp-admin/admin-post.php advanced_filter SQL 注入漏洞(CVE-2024-2876)
- 2025-08-21WordPress Ninja Tables Plugin /wp-admin/admin-ajax.php url 文件读取漏洞
- 2025-08-21WordPress的Ninja Tables插件(版本<4.1.9)存在未经验证的任意文件下载漏洞
- 2025-08-21WordPress Events Manager <= 7.0.3 SQL注入漏洞(CVE-2025-6970)
- 2025-08-08WordPress CZ Loan Management <= 1.1 /wp-admin/admin-ajax.php SQL 注入漏洞 (CVE-2024-5975)
- 2025-08-08WordPress TrueBooker WordPress插件 /wp-content/plugins/truebooker-appointment-booking/main/truebooker-service-price.php SQL 注入漏洞 (CVE-2024-6924)
- 2025-08-08WordPress Web Directory Free < 1.7.0 /wp-admin/admin-ajax.php SQL 注入漏洞 (CVE-2024-3552)
- 2025-08-08WordPress LayerSlider 插件 /wp-admin/admin-ajax.php id SQL 注入漏洞(CVE-2024-2879)
- 2025-08-08WordPress Verbalize 插件 /wp-admin/admin-ajax.php generate_code 文件上传漏洞(CVE-2024-49668)
- POC 2025-08-01CVE-2022-29455-headless: WordPress Elementor Website Builder <= 3.5.5 - DOM Cross-Site Scripting
- POC 2025-08-01CVE-2008-1059: WordPress Sniplets 1.1.2 - Local File Inclusion
- POC 2025-08-01CVE-2008-1061: WordPress Sniplets <=1.2.2 - Cross-Site Scripting
- POC 2025-08-01CVE-2011-5106: WordPress Plugin Flexible Custom Post Type < 0.1.7 - Cross-Site Scripting
- POC 2025-08-01CVE-2011-5265: Featurific For WordPress 1.6.2 - Cross-Site Scripting
- POC 2025-08-01CVE-2012-1835: WordPress Plugin All-in-One Event Calendar 1.4 - Cross-Site Scripting
- POC 2025-08-01CVE-2012-4242: WordPress Plugin MF Gig Calendar 0.9.2 - Cross-Site Scripting
- POC 2025-08-01CVE-2012-4768: WordPress Plugin Download Monitor < 3.3.5.9 - Cross-Site Scripting
- POC 2025-08-01CVE-2012-5913: WordPress Integrator 1.32 - Cross-Site Scripting
- POC 2025-08-01CVE-2012-6499: WordPress Plugin Age Verification v0.4 - Open Redirect
- POC 2025-08-01CVE-2013-2287: WordPress Plugin Uploader 1.0.4 - Cross-Site Scripting
- POC 2025-08-01CVE-2013-3526: WordPress Plugin Traffic Analyzer - 'aoid' Cross-Site Scripting
- POC 2025-08-01CVE-2013-4117: WordPress Plugin Category Grid View Gallery 2.3.1 - Cross-Site Scripting
- POC 2025-08-01CVE-2013-4625: WordPress Plugin Duplicator < 0.4.5 - Cross-Site Scripting
- POC 2025-08-01CVE-2013-6281: WordPress Spreadsheet - Cross-Site Scripting
- POC 2025-08-01CVE-2013-7240: WordPress Plugin Advanced Dewplayer 1.2 - Directory Traversal
- POC 2025-08-01CVE-2014-4940: WordPress Plugin Tera Charts - Local File Inclusion
- POC 2025-08-01CVE-2014-4942: WordPress EasyCart <2.0.6 - Information Disclosure
- POC 2025-08-01CVE-2014-5368: WordPress Plugin WP Content Source Control - Directory Traversal
- POC 2025-08-01CVE-2014-8799: WordPress Plugin DukaPress 2.5.2 - Directory Traversal
- POC 2025-08-01CVE-2014-9094: WordPress DZS-VideoGallery Plugin Cross-Site Scripting
- POC 2025-08-01CVE-2014-9119: WordPress DB Backup <=4.5 - Local File Inclusion
- POC 2025-08-01CVE-2014-9735: WordPress RevSlider - Remote Code Execution via File Upload
- POC 2025-08-01CVE-2015-1000005: WordPress Candidate Application Form <= 1.3 - Local File Inclusion
- POC 2025-08-01CVE-2015-1000010: WordPress Simple Image Manipulator < 1.0 - Local File Inclusion
- POC 2025-08-01CVE-2015-1000012: WordPress MyPixs <=0.3 - Local File Inclusion
- POC 2025-08-01CVE-2015-1579: WordPress Slider Revolution - Local File Disclosure
- POC 2025-08-01CVE-2015-2196: WordPress Spider Calendar <=1.4.9 - SQL Injection
- POC 2025-08-01CVE-2015-2755: WordPress AB Google Map Travel <=3.4 - Stored Cross-Site Scripting
- POC 2025-08-01CVE-2015-4062: WordPress NewStatPress 0.9.8 - SQL Injection
- POC 2025-08-01CVE-2015-4127: WordPress Church Admin <0.810 - Cross-Site Scripting
- POC 2025-08-01CVE-2015-4414: WordPress SE HTML5 Album Audio Player 1.1.0 - Directory Traversal
- POC 2025-08-01CVE-2015-4455: WordPress Plugin Aviary Image Editor Addon For Gravity Forms 3.0 Beta - Arbitrary File Upload
- POC 2025-08-01CVE-2015-4694: WordPress Zip Attachments <= 1.1.4 - Arbitrary File Retrieval
- POC 2025-08-01CVE-2015-5461: WordPress StageShow <5.0.9 - Open Redirect
- POC 2025-08-01CVE-2015-5469: WordPress MDC YouTube Downloader 2.1.0 - Local File Inclusion
- POC 2025-08-01CVE-2015-6920: WordPress sourceAFRICA <=0.1.3 - Cross-Site Scripting
- POC 2025-08-01CVE-2015-7377: WordPress Pie-Register <2.0.19 - Cross-Site Scripting
- POC 2025-08-01CVE-2015-9414: WordPress Symposium <=15.8.1 - Cross-Site Scripting
- POC 2025-08-01CVE-2015-9480: WordPress RobotCPA 5 - Directory Traversal
- POC 2025-08-01CVE-2015-9499: WordPress ShowBiz Pro <= 1.7.1 - Authenticated Arbitrary File Upload to RCE
- POC 2025-08-01CVE-2016-1000126: WordPress Admin Font Editor <=1.8 - Cross-Site Scripting
- POC 2025-08-01CVE-2016-1000127: WordPress AJAX Random Post <=2.00 - Cross-Site Scripting
- POC 2025-08-01CVE-2016-1000128: WordPress anti-plagiarism <=3.60 - Cross-Site Scripting
- POC 2025-08-01CVE-2016-1000129: WordPress defa-online-image-protector <=3.3 - Cross-Site Scripting
- POC 2025-08-01CVE-2016-1000130: WordPress e-search <=1.0 - Cross-Site Scripting
- POC 2025-08-01CVE-2016-1000131: WordPress e-search <=1.0 - Cross-Site Scripting
- POC 2025-08-01CVE-2016-1000132: WordPress enhanced-tooltipglossary 3.2.8 - Cross-Site Scripting
- POC 2025-08-01CVE-2016-1000133: WordPress forget-about-shortcode-buttons 1.1.1 - Cross-Site Scripting
- POC 2025-08-01CVE-2016-1000134: WordPress HDW Video Gallery <=1.2 - Cross-Site Scripting
- POC 2025-08-01CVE-2016-1000135: WordPress HDW Video Gallery <=1.2 - Cross-Site Scripting
- POC 2025-08-01CVE-2016-1000136: WordPress heat-trackr 1.0 - Cross-Site Scripting
- POC 2025-08-01CVE-2016-1000137: WordPress Hero Maps Pro 2.1.0 - Cross-Site Scripting
- POC 2025-08-01CVE-2016-1000138: WordPress Admin Font Editor <=1.8 - Cross-Site Scripting
- POC 2025-08-01CVE-2016-1000139: WordPress Infusionsoft Gravity Forms <=1.5.11 - Cross-Site Scripting
- POC 2025-08-01CVE-2016-1000140: WordPress New Year Firework <=1.1.9 - Cross-Site Scripting
- POC 2025-08-01CVE-2016-1000141: WordPress Page Layout builder v1.9.3 - Cross-Site Scripting
- POC 2025-08-01CVE-2016-1000142: WordPress MW Font Changer <=4.2.5 - Cross-Site Scripting
- POC 2025-08-01CVE-2016-1000143: WordPress Photoxhibit 2.1.8 - Cross-Site Scripting
- POC 2025-08-01CVE-2016-1000146: WordPress Pondol Form to Mail <=1.1 - Cross-Site Scripting
- POC 2025-08-01CVE-2016-1000148: WordPress S3 Video <=0.983 - Cross-Site Scripting
- POC 2025-08-01CVE-2016-1000149: WordPress Simpel Reserveren <=3.5.2 - Cross-Site Scripting
- POC 2025-08-01CVE-2016-1000152: WordPress Tidio-form <=1.0 - Cross-Site Scripting
- POC 2025-08-01CVE-2016-1000153: WordPress Tidio Gallery <=1.1 - Cross-Site Scripting
- POC 2025-08-01CVE-2016-1000154: WordPress WHIZZ <=1.0.7 - Cross-Site Scripting
- POC 2025-08-01CVE-2016-1000155: WordPress WPSOLR <=8.6 - Cross-Site Scripting
- POC 2025-08-01CVE-2016-10033: WordPress PHPMailer < 5.2.18 - Remote Code Execution
- POC 2025-08-01CVE-2016-10924: Wordpress Zedna eBook download <1.2 - Local File Inclusion
- POC 2025-08-01CVE-2016-10940: WordPress zm-gallery plugin 1.0 SQL Injection
- POC 2025-08-01CVE-2016-10956: WordPress Mail Masta 1.0 - Local File Inclusion
- POC 2025-08-01CVE-2016-10960: WordPress wSecure Lite < 2.4 - Remote Code Execution
- POC 2025-08-01CVE-2016-10973: Brafton WordPress Plugin < 3.4.8 - Cross-Site Scripting
- POC 2025-08-01CVE-2016-15042: WordPress Frontend File Manager < 4.0 & N-Media Post Frontend < 1.1 - Arbitrary File Upload
- POC 2025-08-01CVE-2017-1000170: WordPress Delightful Downloads Jquery File Tree 2.1.5 - Local File Inclusion
- POC 2025-08-01CVE-2017-14622: WordPress 2kb Amazon Affiliates Store <2.1.1 - Cross-Site Scripting
- POC 2025-08-01CVE-2017-17043: WordPress Emag Marketplace Connector 1.0 - Cross-Site Scripting
- POC 2025-08-01CVE-2017-17059: WordPress amtyThumb Posts 8.1.3 - Cross-Site Scripting
- POC 2025-08-01CVE-2017-17451: WordPress Mailster <=1.5.4 - Cross-Site Scripting
- POC 2025-08-01CVE-2017-18536: WordPress Stop User Enumeration <=1.3.7 - Cross-Site Scripting
- POC 2025-08-01CVE-2017-18598: WordPress Qards - Cross-Site Scripting
- POC 2025-08-01CVE-2017-9288: WordPress Raygun4WP <=1.8.0 - Cross-Site Scripting
- POC 2025-08-01CVE-2018-11709: WordPress wpForo Forum <= 1.4.11 - Cross-Site Scripting
- POC 2025-08-01CVE-2018-16159: WordPress Gift Voucher <4.1.8 - Blind SQL Injection
- POC 2025-08-01CVE-2018-16283: WordPress Plugin Wechat Broadcast 1.2.0 - Local File Inclusion
- POC 2025-08-01CVE-2018-16299: WordPress Localize My Post 1.0 - Local File Inclusion
- POC 2025-08-01CVE-2018-18069: WordPress sitepress-multilingual-cms 3.6.3 - Cross-Site Scripting
- POC 2025-08-01CVE-2018-19287: WordPress Ninja Forms <3.3.18 - Cross-Site Scripting
- POC 2025-08-01CVE-2018-20462: WordPress JSmol2WP <=1.07 - Cross-Site Scripting
- POC 2025-08-01CVE-2018-20463: WordPress JSmol2WP <=1.07 - Local File Inclusion
- POC 2025-08-01CVE-2018-20985: WordPress Payeezy Pay <=2.97 - Local File Inclusion
- POC 2025-08-01CVE-2018-3810: Oturia WordPress Smart Google Code Inserter <3.5 - Authentication Bypass
- POC 2025-08-01CVE-2018-5316: WordPress SagePay Server Gateway for WooCommerce <1.0.9 - Cross-Site Scripting
- POC 2025-08-01CVE-2018-7422: WordPress Site Editor <=1.1.1 - Local File Inclusion
- POC 2025-08-01CVE-2018-8719: WordPress WP Security Audit Log 3.1.1 - Information Disclosure
- POC 2025-08-01CVE-2018-9118: WordPress 99 Robots WP Background Takeover Advertisements <=4.1.4 - Local File Inclusion
- POC 2025-08-01CVE-2019-10692: WordPress Google Maps <7.11.18 - SQL Injection
- POC 2025-08-01CVE-2019-11869: WordPress Yuzo <5.12.94 - Cross-Site Scripting
- POC 2025-08-01CVE-2019-14205: WordPress Nevma Adaptive Images <0.6.67 - Local File Inclusion
- POC 2025-08-01CVE-2019-14470: WordPress UserPro 4.9.32 - Cross-Site Scripting
- POC 2025-08-01CVE-2019-15713: WordPress My Calendar <= 3.1.9 - Cross-Site Scripting
- POC 2025-08-01CVE-2019-15858: WordPress Woody Ad Snippets <2.2.5 - Cross-Site Scripting/Remote Code Execution
- POC 2025-08-01CVE-2019-15889: WordPress Download Manager <2.9.94 - Cross-Site Scripting
- POC 2025-08-01CVE-2019-16332: WordPress API Bearer Auth <20190907 - Cross-Site Scripting
- POC 2025-08-01CVE-2019-16525: WordPress Checklist <1.1.9 - Cross-Site Scripting
- POC 2025-08-01CVE-2019-16931: WordPress Visualizer <3.3.1 - Cross-Site Scripting
- POC 2025-08-01CVE-2019-19134: WordPress Hero Maps Premium <=2.2.1 - Cross-Site Scripting
- POC 2025-08-01CVE-2019-19985: WordPress Email Subscribers & Newsletters <4.2.3 - Arbitrary File Retrieval
- POC 2025-08-01CVE-2019-20141: WordPress Laborator Neon Theme 2.0 - Cross-Site Scripting
- POC 2025-08-01CVE-2019-20210: WordPress CTHthemes - Cross-Site Scripting
- POC 2025-08-01CVE-2019-6112: WordPress Sell Media 2.4.1 - Cross-Site Scripting
- POC 2025-08-01CVE-2019-8943: WordPress Core 5.0.0 - Crop-image Shell Upload
- POC 2025-08-01CVE-2019-9618: WordPress GraceMedia Media Player 1.0 - Local File Inclusion
- POC 2025-08-01CVE-2019-9978: WordPress Social Warfare <3.5.3 - Cross-Site Scripting
- POC 2025-08-01CVE-2020-11530: WordPress Chop Slider 3 - Blind SQL Injection
- POC 2025-08-01CVE-2020-11738: WordPress Duplicator 1.3.24 & 1.3.26 - Local File Inclusion
- POC 2025-08-01CVE-2020-11930: WordPress GTranslate <2.8.52 - Cross-Site Scripting
- POC 2025-08-01CVE-2020-12054: WordPress Catch Breadcrumb <1.5.4 - Cross-Site Scripting
- POC 2025-08-01CVE-2020-12800: WordPress Contact Form 7 <1.3.3.3 - Remote Code Execution
- POC 2025-08-01CVE-2020-13700: WordPress acf-to-rest-api <=3.1.0 - Insecure Direct Object Reference
- POC 2025-08-01CVE-2020-14092: WordPress PayPal Pro <1.1.65 - SQL Injection
- POC 2025-08-01CVE-2020-24186: WordPress wpDiscuz <=7.0.4 - Remote Code Execution
- POC 2025-08-01CVE-2020-24312: WordPress Plugin File Manager (wp-file-manager) Backup Disclosure
- POC 2025-08-01CVE-2020-25213: WordPress File Manager Plugin - Remote Code Execution
- POC 2025-08-01CVE-2020-26876: WordPress WP Courses Plugin Information Disclosure
- POC 2025-08-01CVE-2020-28976: WordPress Canto 1.3.0 - Blind Server-Side Request Forgery
- POC 2025-08-01CVE-2020-29395: Wordpress EventON Calendar 3.0.5 - Cross-Site Scripting
- POC 2025-08-01CVE-2020-35749: WordPress Simple Job Board <2.9.4 - Local File Inclusion
- POC 2025-08-01CVE-2020-35951: Wordpress Quiz and Survey Master <7.0.1 - Arbitrary File Deletion
- POC 2025-08-01CVE-2020-36510: WordPress 15Zine <3.3.0 - Cross-Site Scripting
- POC 2025-08-01CVE-2020-36708: WordPress Epsilon Framework Themes <=2.4.8 - Remote Code Execution
- POC 2025-08-01CVE-2020-36728: WordPress Plugin Adning Advertising < 1.5.6 - Arbitrary File Upload
- POC 2025-08-01CVE-2020-36836: WordPress WP Fastest Cache <= 0.9.0.2 - Authenticated Arbitrary File Deletion
- POC 2025-08-01CVE-2020-7107: WordPress Ultimate FAQ <1.8.30 - Cross-Site Scripting
- POC 2025-08-01CVE-2020-8615: Wordpress Plugin Tutor LMS 1.5.3 - Cross-Site Request Forgery
- POC 2025-08-01CVE-2020-8771: WordPress Time Capsule < 1.21.16 - Authentication Bypass
- POC 2025-08-01CVE-2020-8772: WordPress InfiniteWP <1.9.4.5 - Authorization Bypass
- POC 2025-08-01CVE-2020-9043: WordPress wpCentral <1.5.1 - Information Disclosure
- POC 2025-08-01CVE-2021-20792: WordPress Quiz and Survey Master <7.1.14 - Cross-Site Scripting
- POC 2025-08-01CVE-2021-24145: WordPress Modern Events Calendar Lite <5.16.5 - Authenticated Arbitrary File Upload
- POC 2025-08-01CVE-2021-24146: WordPress Modern Events Calendar Lite <5.16.5 - Sensitive Information Disclosure
- POC 2025-08-01CVE-2021-24150: WordPress Like Button Rating <2.6.32 - Server-Side Request Forgery
- POC 2025-08-01CVE-2021-24155: WordPress BackupGuard <1.6.0 - Authenticated Arbitrary File Upload
- POC 2025-08-01CVE-2021-24165: WordPress Ninja Forms <3.4.34 - Open Redirect
- POC 2025-08-01CVE-2021-24169: WordPress Advanced Order Export For WooCommerce <3.1.8 - Authenticated Cross-Site Scripting
- POC 2025-08-01CVE-2021-24176: WordPress JH 404 Logger <=1.1 - Cross-Site Scripting
- POC 2025-08-01CVE-2021-24210: WordPress PhastPress <1.111 - Open Redirect
- POC 2025-08-01CVE-2021-24214: WordPress OpenID Connect Generic Client 3.8.0-3.8.1 - Cross-Site Scripting
- POC 2025-08-01CVE-2021-24215: Controlled Admin Access WordPress Plugin <= 1.4.0 - Improper Access Control & Privilege Escalation
- POC 2025-08-01CVE-2021-24227: Patreon WordPress <1.7.0 - Unauthenticated Local File Inclusion
- POC 2025-08-01CVE-2021-24235: WordPress Goto Tour & Travel Theme <2.0 - Cross-Site Scripting
- POC 2025-08-01CVE-2021-24236: WordPress Imagements <=1.2.5 - Arbitrary File Upload
- POC 2025-08-01CVE-2021-24237: WordPress Realteo <=1.2.3 - Cross-Site Scripting
- POC 2025-08-01CVE-2021-24239: WordPress Pie Register <3.7.0.1 - Cross-Site Scripting
- POC 2025-08-01CVE-2021-24245: WordPress Stop Spammers <2021.9 - Cross-Site Scripting
- POC 2025-08-01CVE-2021-24274: WordPress Supsystic Ultimate Maps <1.2.5 - Cross-Site Scripting
- POC 2025-08-01CVE-2021-24276: WordPress Supsystic Contact Form <1.7.15 - Cross-Site Scripting
- POC 2025-08-01CVE-2021-24278: WordPress Contact Form 7 <2.3.4 - Arbitrary Nonce Generation
- POC 2025-08-01CVE-2021-24284: WordPress Kaswara Modern VC Addons <=3.0.1 - Arbitrary File Upload
- POC 2025-08-01CVE-2021-24285: WordPress Car Seller - Auto Classifieds Script - SQL Injection
- POC 2025-08-01CVE-2021-24286: WordPress Plugin Redirect 404 to Parent 1.3.0 - Cross-Site Scripting
- POC 2025-08-01CVE-2021-24287: WordPress Select All Categories and Taxonomies <1.3.2 - Cross-Site Scripting
- POC 2025-08-01CVE-2021-24288: WordPress AcyMailing <7.5.0 - Open Redirect
- POC 2025-08-01CVE-2021-24291: WordPress Photo Gallery by 10Web <1.5.69 - Cross-Site Scripting
- POC 2025-08-01CVE-2021-24298: WordPress Simple Giveaways <2.36.2 - Cross-Site Scripting
- POC 2025-08-01CVE-2021-24300: WordPress WooCommerce <1.13.22 - Cross-Site Scripting
- POC 2025-08-01CVE-2021-24316: WordPress Mediumish Theme <=1.0.47 - Cross-Site Scripting
- POC 2025-08-01CVE-2021-24320: WordPress Bello Directory & Listing Theme <1.6.0 - Cross-Site Scripting
- POC 2025-08-01CVE-2021-24335: WordPress Car Repair Services & Auto Mechanic Theme <4.0 - Cross-Site Scripting
- POC 2025-08-01CVE-2021-24340: WordPress Statistics <13.0.8 - Blind SQL Injection
- POC 2025-08-01CVE-2021-24342: WordPress JNews Theme <8.0.6 - Cross-Site Scripting
- POC 2025-08-01CVE-2021-24347: WordPress SP Project & Document Manager <4.22 - Authenticated Shell Upload
- POC 2025-08-01CVE-2021-24351: WordPress The Plus Addons for Elementor <4.1.12 - Cross-Site Scripting
- POC 2025-08-01CVE-2021-24364: WordPress Jannah Theme <5.4.4 - Cross-Site Scripting
- POC 2025-08-01CVE-2021-24370: WordPress Fancy Product Designer <4.6.9 - Arbitrary File Upload
- POC 2025-08-01CVE-2021-24387: WordPress Pro Real Estate 7 Theme <3.1.1 - Cross-Site Scripting
- POC 2025-08-01CVE-2021-24389: WordPress FoodBakery <2.2 - Cross-Site Scripting
- POC 2025-08-01CVE-2021-24406: WordPress wpForo Forum < 1.9.7 - Open Redirect
- POC 2025-08-01CVE-2021-24407: WordPress Jannah Theme <5.4.5 - Cross-Site Scripting
- POC 2025-08-01CVE-2021-24435: WordPress Titan Framework plugin <= 1.12.1 - Cross-Site Scripting
- POC 2025-08-01CVE-2021-24436: WordPress W3 Total Cache <2.1.4 - Cross-Site Scripting
- POC 2025-08-01CVE-2021-24442: Wordpress Polls Widget < 1.5.3 - SQL Injection
- POC 2025-08-01CVE-2021-24452: WordPress W3 Total Cache <2.1.5 - Cross-Site Scripting
- POC 2025-08-01CVE-2021-24488: WordPress Post Grid <2.1.8 - Cross-Site Scripting
- POC 2025-08-01CVE-2021-24495: Wordpress Marmoset Viewer <1.9.3 - Cross-Site Scripting
- POC 2025-08-01CVE-2021-24498: WordPress Calendar Event Multi View <1.4.01 - Cross-Site Scripting
- POC 2025-08-01CVE-2021-24499: WordPress Workreap - Remote Code Execution
- POC 2025-08-01CVE-2021-24510: WordPress MF Gig Calendar <=1.1 - Cross-Site Scripting
- POC 2025-08-01CVE-2021-24554: WordPress Paytm Donation <=1.3.2 - Authenticated SQL Injection
- POC 2025-08-01CVE-2021-24666: WordPress Podlove Podcast Publisher <3.5.6 - SQL Injection
- POC 2025-08-01CVE-2021-24746: WordPress Sassy Social Share Plugin <3.3.40 - Cross-Site Scripting
- POC 2025-08-01CVE-2021-24750: WordPress Visitor Statistics (Real Time Traffic) <4.8 -SQL Injection
- POC 2025-08-01CVE-2021-24762: WordPress Perfect Survey <1.5.2 - SQL Injection
- POC 2025-08-01CVE-2021-24827: WordPress Asgaros Forum <1.15.13 - SQL Injection
- POC 2025-08-01CVE-2021-24838: WordPress AnyComment <0.3.5 - Open Redirect
- POC 2025-08-01CVE-2021-24862: WordPress RegistrationMagic <5.0.1.6 - Authenticated SQL Injection
- POC 2025-08-01CVE-2021-24875: WordPress eCommerce Product Catalog <3.0.39 - Cross-Site Scripting
- POC 2025-08-01CVE-2021-24891: WordPress Elementor Website Builder <3.1.4 - Cross-Site Scripting
- POC 2025-08-01CVE-2021-24910: WordPress Transposh Translation <1.0.8 - Cross-Site Scripting
- POC 2025-08-01CVE-2021-24917: WordPress WPS Hide Login <1.9.1 - Information Disclosure
- POC 2025-08-01CVE-2021-24926: WordPress Domain Check <1.0.17 - Cross-Site Scripting
- POC 2025-08-01CVE-2021-24931: WordPress Secure Copy Content Protection and Content Locking <2.8.2 - SQL Injection
- POC 2025-08-01CVE-2021-24940: WordPress Persian Woocommerce <=5.8.0 - Cross-Site Scripting
- POC 2025-08-01CVE-2021-24946: WordPress Modern Events Calendar <6.1.5 - Blind SQL Injection
- POC 2025-08-01CVE-2021-24947: WordPress Responsive Vector Maps < 6.4.2 - Arbitrary File Read
- POC 2025-08-01CVE-2021-24970: WordPress All-In-One Video Gallery <2.5.0 - Local File Inclusion
- POC 2025-08-01CVE-2021-24987: WordPress Super Socializer <7.13.30 - Cross-Site Scripting
- POC 2025-08-01CVE-2021-24991: WooCommerce PDF Invoices & Packing Slips WordPress Plugin < 2.10.5 - Cross-Site Scripting
- POC 2025-08-01CVE-2021-24997: WordPress Guppy <=1.1 - Information Disclosure
- POC 2025-08-01CVE-2021-25003: WordPress WPCargo Track & Trace <6.9.0 - Remote Code Execution
- POC 2025-08-01CVE-2021-25008: The Code Snippets WordPress Plugin < 2.14.3 - Cross-Site Scripting
- POC 2025-08-01CVE-2021-25028: WordPress Event Tickets < 5.2.2 - Open Redirect
- POC 2025-08-01CVE-2021-25052: WordPress Button Generator <2.3.3 - Remote File Inclusion
- POC 2025-08-01CVE-2021-25055: WordPress FeedWordPress < 2022.0123 - Authenticated Cross-Site Scripting
- POC 2025-08-01CVE-2021-25063: WordPress Contact Form 7 Skins <=2.5.0 - Cross-Site Scripting
- POC 2025-08-01CVE-2021-25074: WordPress WebP Converter for Media < 4.0.3 - Unauthenticated Open Redirect
- POC 2025-08-01CVE-2021-25075: WordPress Duplicate Page or Post <1.5.1 - Cross-Site Scripting
- POC 2025-08-01CVE-2021-25085: WOOF WordPress plugin - Cross-Site Scripting
- POC 2025-08-01CVE-2021-25094: Wordpress Tatsubuilder <= 3.3.11 - Remote Code Execution
- POC 2025-08-01CVE-2021-25099: WordPress GiveWP <2.17.3 - Cross-Site Scripting
- POC 2025-08-01CVE-2021-25104: WordPress Ocean Extra <1.9.5 - Cross-Site Scripting
- POC 2025-08-01CVE-2021-25111: WordPress English Admin <1.5.2 - Open Redirect
- POC 2025-08-01CVE-2021-25112: WordPress WHMCS Bridge <6.4b - Cross-Site Scripting
- POC 2025-08-01CVE-2021-25114: WordPress Paid Memberships Pro <2.6.7 - Blind SQL Injection
- POC 2025-08-01CVE-2021-33851: WordPress Customize Login Image <3.5.3 - Cross-Site Scripting
- POC 2025-08-01CVE-2021-34621: WordPress ProfilePress 3.0.0-3.1.3 - Admin User Creation Weakness
- POC 2025-08-01CVE-2021-34640: WordPress Securimage-WP-Fixed <=3.5.4 - Cross-Site Scripting
- POC 2025-08-01CVE-2021-34643: WordPress Skaut Bazar <1.3.3 - Cross-Site Scripting
- POC 2025-08-01CVE-2021-36873: WordPress iQ Block Country <=1.2.11 - Cross-Site Scripting
- POC 2025-08-01CVE-2021-38314: WordPress Redux Framework <=4.2.11 - Information Disclosure
- POC 2025-08-01CVE-2021-39312: WordPress True Ranker <2.2.4 - Local File Inclusion
- POC 2025-08-01CVE-2021-39316: WordPress DZS Zoomsounds <=6.50 - Local File Inclusion
- POC 2025-08-01CVE-2021-39320: WordPress Under Construction <1.19 - Cross-Site Scripting
- POC 2025-08-01CVE-2021-39322: WordPress Easy Social Icons Plugin < 3.0.9 - Cross-Site Scripting
- POC 2025-08-01CVE-2021-39327: WordPress BulletProof Security 5.1 Information Disclosure
- POC 2025-08-01CVE-2021-39350: FV Flowplayer Video Player WordPress plugin - Authenticated Cross-Site Scripting
- POC 2025-08-01CVE-2022-0140: WordPress Visual Form Builder <3.0.8 - Information Disclosure
- POC 2025-08-01CVE-2022-0147: WordPress Cookie Information/Free GDPR Consent Solution <2.0.8 - Cross-Site Scripting
- POC 2025-08-01CVE-2022-0148: WordPress All-in-one Floating Contact Form <2.0.4 - Cross-Site Scripting
- POC 2025-08-01CVE-2022-0149: WooCommerce Stored Exporter WordPress Plugin < 2.7.1 - Cross-Site Scripting
- POC 2025-08-01CVE-2022-0150: WordPress Accessibility Helper <0.6.0.7 - Cross-Site Scripting
- POC 2025-08-01CVE-2022-0165: WordPress Page Builder KingComposer <=2.9.6 - Open Redirect
- POC 2025-08-01CVE-2022-0189: WordPress RSS Aggregator < 4.20 - Authenticated Cross-Site Scripting
- POC 2025-08-01CVE-2022-0201: WordPress Permalink Manager <2.2.15 - Cross-Site Scripting
- POC 2025-08-01CVE-2022-0206: WordPress NewStatPress <1.3.6 - Cross-Site Scripting
- POC 2025-08-01CVE-2022-0208: WordPress Plugin MapPress <2.73.4 - Cross-Site Scripting
- POC 2025-08-01CVE-2022-0212: WordPress Spider Calendar <=1.5.65 - Cross-Site Scripting
- POC 2025-08-01CVE-2022-0220: WordPress GDPR & CCPA <1.9.27 - Cross-Site Scripting
- POC 2025-08-01CVE-2022-0234: WordPress WOOCS < 1.3.7.5 - Cross-Site Scripting
- POC 2025-08-01CVE-2022-0288: WordPress Ad Inserter <2.7.10 - Cross-Site Scripting
- POC 2025-08-01CVE-2022-0346: WordPress XML Sitemap Generator for Google <2.0.4 - Cross-Site Scripting/Remote Code Execution
- POC 2025-08-01CVE-2022-0349: WordPress NotificationX <2.3.9 - SQL Injection
- POC 2025-08-01CVE-2022-0381: WordPress Embed Swagger <=1.0.0 - Cross-Site Scripting
- POC 2025-08-01CVE-2022-0412: WordPress TI WooCommerce Wishlist <1.40.1 - SQL Injection
- POC 2025-08-01CVE-2022-0422: WordPress White Label CMS <2.2.9 - Cross-Site Scripting
- POC 2025-08-01CVE-2022-0434: WordPress Page Views Count <2.4.15 - SQL Injection
- POC 2025-08-01CVE-2022-0535: WordPress E2Pdf <1.16.45 - Cross-Site Scripting
- POC 2025-08-01CVE-2022-0594: WordPress Shareaholic <9.7.6 - Information Disclosure
- POC 2025-08-01CVE-2022-0595: WordPress Contact Form 7 <1.3.6.3 - Stored Cross-Site Scripting
- POC 2025-08-01CVE-2022-0599: WordPress Mapping Multiple URLs Redirect Same Page <=5.8 - Cross-Site Scripting
- POC 2025-08-01CVE-2022-0651: WordPress Plugin WP Statistics <= 13.1.5 - SQL Injection
- POC 2025-08-01CVE-2022-0653: Wordpress Profile Builder Plugin Cross-Site Scripting
- POC 2025-08-01CVE-2022-0679: WordPress Narnoo Distributor <=2.5.1 - Local File Inclusion
- POC 2025-08-01CVE-2022-0693: WordPress Master Elements <=8.0 - SQL Injection
- POC 2025-08-01CVE-2022-0760: WordPress Simple Link Directory <7.7.2 - SQL injection
- POC 2025-08-01CVE-2022-0781: WordPress Nirweb Support <2.8.2 - SQL Injection
- POC 2025-08-01CVE-2022-0784: WordPress Title Experiments Free <9.0.1 - SQL Injection
- POC 2025-08-01CVE-2022-0785: WordPress Daily Prayer Time <2022.03.01 - SQL Injection
- POC 2025-08-01CVE-2022-0786: WordPress KiviCare <2.3.9 - SQL Injection
- POC 2025-08-01CVE-2022-0788: WordPress WP Fundraising Donation and Crowdfunding Platform <1.5.0 - SQL Injection
- POC 2025-08-01CVE-2022-0817: WordPress BadgeOS <=3.7.0 - SQL Injection
- POC 2025-08-01CVE-2022-0826: WordPress WP Video Gallery <=1.7.1 - SQL Injection
- POC 2025-08-01CVE-2022-0827: WordPress Best Books <=2.6.3 - SQL Injection
- POC 2025-08-01CVE-2022-0867: WordPress ARPrice <3.6.1 - SQL Injection
- POC 2025-08-01CVE-2022-0948: WordPress Order Listener for WooCommerce <3.2.2 - SQL Injection
- POC 2025-08-01CVE-2022-0949: WordPress Stop Bad Bots <6.930 - SQL Injection
- POC 2025-08-01CVE-2022-0952: WordPress Sitemap by click5 <1.0.36 - Missing Authorization
- POC 2025-08-01CVE-2022-1007: WordPress Advanced Booking Calendar <1.7.1 - Cross-Site Scripting
- POC 2025-08-01CVE-2022-1013: WordPress Personal Dictionary <1.3.4 - Blind SQL Injection
- POC 2025-08-01CVE-2022-1020: WordPress WooCommerce <3.1.2 - Arbitrary Function Call
- POC 2025-08-01CVE-2022-1054: WordPress RSVP and Event Management <2.7.8 - Missing Authorization
- POC 2025-08-01CVE-2022-1119: WordPress Simple File List <3.2.8 - Local File Inclusion
- POC 2025-08-01CVE-2022-1168: WordPress WP JobSearch <1.5.1 - Cross-Site Scripting
- POC 2025-08-01CVE-2022-1221: WordPress Gwyn's Imagemap Selector <=0.3.3 - Cross-Site Scripting
- POC 2025-08-01CVE-2022-1386: WordPress Fusion Builder <3.6.2 - Server-Side Request Forgery
- POC 2025-08-01CVE-2022-1390: WordPress Admin Word Count Column 2.2 - Local File Inclusion
- POC 2025-08-01CVE-2022-1391: WordPress Cab fare calculator < 1.0.4 - Local File Inclusion
- POC 2025-08-01CVE-2022-1392: WordPress Videos sync PDF <=1.7.4 - Local File Inclusion
- POC 2025-08-01CVE-2022-1442: WordPress Metform <=2.1.3 - Information Disclosure
- POC 2025-08-01CVE-2022-1574: WordPress HTML2WP <=1.0.0 - Arbitrary File Upload
- POC 2025-08-01CVE-2022-1595: WordPress HC Custom WP-Admin URL <=1.4 - Admin Login URL Disclosure
- POC 2025-08-01CVE-2022-1597: WordPress WPQA <5.4 - Cross-Site Scripting
- POC 2025-08-01CVE-2022-1598: WordPress WPQA <5.5 - Improper Access Control
- POC 2025-08-01CVE-2022-1724: WordPress Simple Membership <4.1.1 - Cross-Site Scripting
- POC 2025-08-01CVE-2022-1768: WordPress RSVPMaker <=9.3.2 - SQL Injection
- POC 2025-08-01CVE-2022-1904: WordPress Easy Pricing Tables <3.2.1 - Cross-Site Scripting
- POC 2025-08-01CVE-2022-1906: WordPress Copyright Proof <=4.16 - Cross-Site-Scripting
- POC 2025-08-01CVE-2022-1910: WordPress Shortcodes and Extra Features for Phlox <2.9.8 - Cross-Site Scripting
- POC 2025-08-01CVE-2022-1916: WordPress Active Products Tables for WooCommerce <1.0.5 - Cross-Site Scripting
- POC 2025-08-01CVE-2022-1933: WordPress CDI <5.1.9 - Cross Site Scripting
- POC 2025-08-01CVE-2022-1937: WordPress Awin Data Feed <=1.6 - Cross-Site Scripting
- POC 2025-08-01CVE-2022-1946: WordPress Gallery <2.0.0 - Cross-Site Scripting
- POC 2025-08-01CVE-2022-1952: WordPress eaSYNC Booking <1.1.16 - Arbitrary File Upload
- POC 2025-08-01CVE-2022-2034: WordPress Sensei LMS <4.5.0 - Information Disclosure
- POC 2025-08-01CVE-2022-21661: WordPress <5.8.3 - SQL Injection
- POC 2025-08-01CVE-2022-2168: WordPress Download Manager < 3.2.44 - Authenticated Cross-Site Scripting
- POC 2025-08-01CVE-2022-2187: WordPress Contact Form 7 Captcha <0.1.2 - Cross-Site Scripting
- POC 2025-08-01CVE-2022-2314: WordPress VR Calendar <=2.3.2 - Remote Code Execution
- POC 2025-08-01CVE-2022-2373: WordPress Simply Schedule Appointments <1.5.7.7 - Information Disclosure
- POC 2025-08-01CVE-2022-2376: WordPress Directorist <7.3.1 - Information Disclosure
- POC 2025-08-01CVE-2022-2379: WordPress Easy Student Results <=2.2.8 - Improper Authorization
- POC 2025-08-01CVE-2022-2383: WordPress Feed Them Social <3.0.1 - Cross-Site Scripting
- POC 2025-08-01CVE-2022-2462: WordPress Transposh <=1.0.8.1 - Information Disclosure
- POC 2025-08-01CVE-2022-25148: WordPress Plugin WP Statistics <= 13.1.5 - SQL Injection
- POC 2025-08-01CVE-2022-2544: WordPress Ninja Job Board < 1.3.3 - Direct Request
- POC 2025-08-01CVE-2022-2546: WordPress All-in-One WP Migration <=7.62 - Cross-Site Scripting
- POC 2025-08-01CVE-2022-2551: WordPress Duplicator <1.4.7 - Authentication Bypass
- POC 2025-08-01CVE-2022-2599: WordPress Anti-Malware Security and Brute-Force Firewall <4.21.83 - Cross-Site Scripting
- POC 2025-08-01CVE-2022-2627: WordPress Newspaper < 12 - Cross-Site Scripting
- POC 2025-08-01CVE-2022-27849: WordPress Simple Ajax Chat <20220116 - Sensitive Information Disclosure vulnerability
- POC 2025-08-01CVE-2022-28290: WordPress Country Selector <1.6.6 - Cross-Site Scripting
- POC 2025-08-01CVE-2022-2863: WordPress WPvivid Backup <0.9.76 - Local File Inclusion
- POC 2025-08-01CVE-2022-29455: WordPress Elementor Website Builder <= 3.5.5 - DOM Cross-Site Scripting
- POC 2025-08-01CVE-2022-33901: WordPress MultiSafepay for WooCommerce <=4.13.1 - Arbitrary File Read
- POC 2025-08-01CVE-2022-33965: WordPress Visitor Statistics <=5.7 - SQL Injection
- POC 2025-08-01CVE-2022-3484: WordPress WPB Show Core - Cross-Site Scripting
- POC 2025-08-01CVE-2022-3506: WordPress Related Posts <2.1.3 - Stored Cross-Site Scripting
- POC 2025-08-01CVE-2022-3578: WordPress ProfileGrid <5.1.1 - Cross-Site Scripting
- POC 2025-08-01CVE-2022-3768: WordPress WPSmartContracts <1.3.12 - SQL Injection
- POC 2025-08-01CVE-2022-3908: WordPress Helloprint <1.4.7 - Cross-Site Scripting
- POC 2025-08-01CVE-2022-3933: WordPress Essential Real Estate <3.9.6 - Authenticated Cross-Site Scripting
- POC 2025-08-01CVE-2022-3934: WordPress FlatPM <3.0.13 - Cross-Site Scripting
- POC 2025-08-01CVE-2022-3982: WordPress Booking Calendar <3.2.2 - Arbitrary File Upload
- POC 2025-08-01CVE-2022-4050: WordPress JoomSport <5.2.8 - SQL Injection
- POC 2025-08-01CVE-2022-4060: WordPress User Post Gallery <=2.19 - Remote Code Execution
- POC 2025-08-01CVE-2022-4063: WordPress InPost Gallery <2.1.4.1 - Local File Inclusion
- POC 2025-08-01CVE-2022-4117: WordPress IWS Geo Form Fields <=1.0 - SQL Injection
- POC 2025-08-01CVE-2022-4140: WordPress Welcart e-Commerce <2.8.5 - Arbitrary File Access
- POC 2025-08-01CVE-2022-4260: WordPress WP-Ban <1.69.1 - Stored Cross-Site Scripting
- POC 2025-08-01CVE-2022-4301: WordPress Sunshine Photo Cart <2.9.15 - Cross-Site Scripting
- POC 2025-08-01CVE-2022-4306: WordPress Panda Pods Repeater Field <1.5.4 - Cross-Site Scripting
- POC 2025-08-01CVE-2022-4320: WordPress Events Calendar <1.4.5 - Cross-Site Scripting
- POC 2025-08-01CVE-2022-4321: PDF Generator for WordPress < 1.1.2 - Cross Site Scripting
- POC 2025-08-01CVE-2022-4325: WordPress Post Status Notifier Lite <1.10.1 - Cross-Site Scripting
- POC 2025-08-01CVE-2022-4447: WordPress Fontsy <=1.8.6 - SQL Injection
- POC 2025-08-01CVE-2022-45362: WordPress Paytm Payment Gateway <=2.7.0 - Server-Side Request Forgery
- POC 2025-08-01CVE-2022-45805: WordPress Paytm Payment Gateway <=2.7.3 - SQL Injection
- POC 2025-08-01CVE-2022-45835: WordPress PhonePe Payment Solutions <=1.0.15 - Server-Side Request Forgery
- POC 2025-08-01CVE-2022-4897: WordPress BackupBuddy <8.8.3 - Cross Site Scripting
- POC 2025-08-01CVE-2023-0236: WordPress Tutor LMS <2.0.10 - Cross Site Scripting
- POC 2025-08-01CVE-2023-0261: WordPress WP TripAdvisor Review Slider <10.8 - Authenticated SQL Injection
- POC 2025-08-01CVE-2023-0552: WordPress Pie Register <3.8.2.3 - Open Redirect
- POC 2025-08-01CVE-2023-0942: WordPress Japanized for WooCommerce <2.5.5 - Cross-Site Scripting
- POC 2025-08-01CVE-2023-0948: WordPress Japanized for WooCommerce <2.5.8 - Cross-Site Scripting
- POC 2025-08-01CVE-2023-0968: WordPress Watu Quiz <3.3.9.1 - Cross-Site Scripting
- POC 2025-08-01CVE-2023-1080: WordPress GN Publisher <1.5.6 - Cross-Site Scripting
- POC 2025-08-01CVE-2023-1119: WP-Optimize WordPress plugin < 3.2.13 - Cross-Site Scripting
- POC 2025-08-01CVE-2023-2256: WordPress Product Addons & Fields for WooCommerce < 32.0.7 - Cross-Site Scripting
- POC 2025-08-01CVE-2023-23488: WordPress Paid Memberships Pro <2.9.8 - Blind SQL Injection
- POC 2025-08-01CVE-2023-23489: WordPress Easy Digital Downloads 3.1.0.2/3.1.0.3 - SQL Injection
- POC 2025-08-01CVE-2023-2518: WordPress Easy Forms for Mailchimp Plugin < 6.8.9 - Cross-Site Scripting
- POC 2025-08-01CVE-2023-2624: KiviCare WordPress Plugin - Cross-Site Scripting
- POC 2025-08-01CVE-2023-2745: WordPress Core <=6.2 - Directory Traversal
- POC 2025-08-01CVE-2023-2813: Wordpress Multiple Themes - Reflected Cross-Site Scripting
- POC 2025-08-01CVE-2023-28662: Wordpress Gift Cards <= 4.3.1 - SQL Injection
- POC 2025-08-01CVE-2023-32243: WordPress Elementor Lite 5.7.1 - Arbitrary Password Reset
- POC 2025-08-01CVE-2023-4151: Store Locator WordPress < 1.4.13 - Cross-Site Scripting
- POC 2025-08-01CVE-2023-4284: WordPress Post Timeline Plugin < 2.2.6 - Cross-Site Scripting
- POC 2025-08-01CVE-2023-4490: WordPress Job Portal < 2.0.6 - SQL Injection
- POC 2025-08-01CVE-2023-4596: WordPress Plugin Forminator 1.24.6 - Arbitrary File Upload
- POC 2025-08-01CVE-2023-48777: WordPress Elementor 3.18.1 - File Upload/Remote Code Execution
- POC 2025-08-01CVE-2023-5360: WordPress Royal Elementor Addons Plugin <= 1.3.78 - Arbitrary File Upload
- POC 2025-08-01CVE-2023-5561: WordPress Core - Post Author Email Disclosure
- POC 2025-08-01CVE-2023-5974: WordPress WPB Show Core <= 2.2 - Server-Side Request Forgery
- POC 2025-08-01CVE-2023-6360: WordPress My Calendar <3.4.22 - SQL Injection
- POC 2025-08-01CVE-2023-6389: WordPress Toolbar <= 2.2.6 - Open Redirect
- POC 2025-08-01CVE-2023-6421: WordPress Download Manager - File Password Exposure
- POC 2025-08-01CVE-2023-6875: WordPress POST SMTP Mailer <= 2.8.7 - Authorization Bypass
- POC 2025-08-01CVE-2024-1061: WordPress HTML5 Video Player - SQL Injection
- POC 2025-08-01CVE-2024-1071: WordPress Ultimate Member 2.1.3 - 2.8.2 – SQL Injection
- POC 2025-08-01CVE-2024-10783: WordPress Plugin MainWP Child - Authentication Bypass
- POC 2025-08-01CVE-2024-12824: Nokri – Job Board WordPress Theme <= 1.6.2 - Unauthenticated Arbitrary Password Change
- POC 2025-08-01CVE-2024-13126: WordPress Download Manager < 3.3.07 - Unauthenticated Data Exposure
- POC 2025-08-01CVE-2024-13624: WordPress WPMovieLibrary Plugin <= 2.1.4.8 - Cross-Site Scripting
- POC 2025-08-01CVE-2024-13853: WordPress SEO Tools Plugin 4.0.7 - Cross-Site Scripting
- POC 2025-08-01CVE-2024-1512: MasterStudy LMS WordPress Plugin <= 3.2.5 - SQL Injection
- POC 2025-08-01CVE-2024-27954: WordPress Automatic Plugin <3.92.1 - Arbitrary File Download and SSRF
- POC 2025-08-01CVE-2024-27956: WordPress Automatic Plugin <= 3.92.0 - SQL Injection
- POC 2025-08-01CVE-2024-2876: Wordpress Email Subscribers by Icegram Express - SQL Injection
- POC 2025-08-01CVE-2024-2879: WordPress Plugin LayerSlider 7.9.11-7.10.0 - SQL Injection
- POC 2025-08-01CVE-2024-3032: WordPress Themify Builder < 7.5.8 - Open Redirect
- POC 2025-08-01CVE-2024-3495: Wordpress Country State City Dropdown <=2.7.2 - SQL Injection
- POC 2025-08-01CVE-2024-43917: WordPress TI WooCommerce Wishlist Plugin <= 2.8.2 - SQL Injection
- POC 2025-08-01CVE-2024-4399: WordPress CAS Theme <= 1.0.0 - Server-Side Request Forgery
- POC 2025-08-01CVE-2024-4434: LearnPress WordPress LMS Plugin <= 4.2.6.5 - SQL Injection
- POC 2025-08-01CVE-2024-4439: WordPress Core <6.5.2 - Cross-Site Scripting
- POC 2025-08-01CVE-2024-50477: WordPress Stacks Mobile App Builder <=5.2.3 - Authentication Bypass
- POC 2025-08-01CVE-2024-5522: WordPress HTML5 Video Player < 2.5.27 - SQL Injection
- POC 2025-08-01CVE-2024-6460: WordPress Grow by Tradedoubler Plugin < 2.0.22 - Unauthenticated Local File Inclusion
- POC 2025-08-01CVE-2024-6651: WordPress File Upload Plugin < 4.24.8 - Cross-Site Scripting
- POC 2025-08-01CVE-2024-9047: WordPress File Upload <= 4.24.11 - Arbitrary File Read
- POC 2025-08-01CVE-2024-9796: WordPress WP-Advanced-Search <= 3.3.9 - SQL Injection
- POC 2025-08-01CVE-2025-2010: WordPress JobWP Plugin <= 2.3.9 - SQL Injection
- POC 2025-08-01CVE-2025-30567: WordPress WP01 - Path Traversal
- POC 2025-08-01CVE-2025-34077: WordPress Pie Register <= 3.7.1.4 - Authentication Bypass
- POC 2025-08-01CVE-2025-34085: WordPress Simple File List <=4.2.2 - Remote Code Execution
- POC 2025-08-01CVE-2025-3605: WordPress Frontend Login and Registration Blocks Plugin 1.0.7 - Privilege Escalation
- POC 2025-08-01CVE-2025-49029: WordPress Custom Login And Signup Widget Plugin <= 1.0 - Arbitrary Code Execution
- POC 2025-08-01CVE-2025-5961: WordPress WPvivid Backup & Migration Plugin <= 0.9.116 - Authenticated Arbitrary File Upload
- POC 2025-08-01CVE-2025-6851: WordPress Broken Link Notifier < 1.3.1 - Unauthenticated SSRF
- POC 2025-08-01CVE-2025-6970: WordPress Events Manager <= 7.0.3 - SQL Injection
- 2025-08-01CVE-2018-17207: WordPress Duplicator Plugin < 1.2.42 - Arbitrary Code Execution
- POC 2025-08-01CVE-2014-8739: WordPress Sexy Contact Form (<= 0.9.7) - Arbitrary File Upload
- POC 2025-08-01CVE-2020-27615: WordPress Loginizer < 1.6.4 – Unauthenticated SQL Injection via `log` Parameter
- POC 2025-08-01CVE-2022-2461: Transposh WordPress Translation <= 1.0.8 - Unauthenticated Settings Change
- POC 2025-08-01CVE-2023-0037: WordPress 10Web Map Builder < 1.0.73 - Unauthenticated SQL Injection
- POC 2025-08-01CVE-2023-0876: WordPress Meta SEO <= 4.5.2 - Open Redirect
- POC 2025-08-01CVE-2023-6000: WordPress Popup Builder <= 4.2.3 - Unauthenticated Stored XSS
- POC 2025-08-01CVE-2024-2782: WordPress FluentForms <= 5.1.16 - Broken Access Control
- POC 2025-08-01CVE-2024-4898: WordPress InstaWP Connect <= 0.1.0.38 - Unauthenticated User Creation
- POC 2025-08-01CVE-2021-34624: WordPress ProfilePress 3.0-3.1.3 - Arbitrary File Upload
- POC 2025-08-01CVE-2023-47873: WordPress WP Child Theme Generator < 1.1.3 - Arbitrary File Upload
- POC 2025-08-01CVE-2019-17230: WordPress OneTone theme <= 3.0.6 – Unauthenticated Options Changes
- POC 2025-08-01CVE-2019-17231: WordPress OneTone theme <= 3.0.6 – Unauthenticated Stored XSS
- POC 2025-08-01CVE-2019-17233: WordPress Ultimate FAQs <= 1.8.24 – Unauthenticated HTML Content Injection
- POC 2025-08-01CVE-2022-3590: WordPress <= 6.2 - Server Side Request Forgery
- POC 2025-08-01CVE-2024-9772: WordPress UIX Shortcodes <= 1.9.7 - Unauthenticated Shortcode Execution
- POC 2025-08-01CVE-2017-5487: Wordpress<4.7.1 Exist Username Enumeration
- POC 2025-08-01CVE-2020-11738: WordPress Duplicator plugin Directory Traversal
- POC 2025-08-01CVE-2022-0434: WordPress Page Views Count <2.4.15 - SQL Injection
- POC 2025-08-01CVE-2022-1020: WordPress WooCommerce <3.1.2 - Arbitrary Function Call
- POC 2025-08-01CVE-2022-1119: WordPress Simple File List <3.2.8 - Local File Inclusion
- POC 2025-08-01CVE-2022-1390: WordPress Admin Word Count Column 2.2 - Local File Inclusion
- POC 2025-08-01CVE-2022-1950: Wordpress Youzify sql injection
- POC 2025-08-01CVE-2022-21661: WordPress Core 5.8.2 - 'WP_Query' SQL注入信息泄露漏洞
- POC 2025-08-01CVE-2022-3982: WordPress Booking Calendar <3.2.2 - Arbitrary File Upload
- POC 2025-08-01CVE-2024-1061: WordPress HTML5 Video Player SQL注入
- POC 2025-08-01CVE-2024-25600: WordPress的Bricks主题存在远程命令执行
- POC 2025-08-01wordpress-api-csp-bypass: Content-Security-Policy Bypass - WordPress API
- POC 2025-08-01wordpress-csp-bypass: Content-Security-Policy Bypass - WordPress
- POC 2025-08-01wordpress-public-api-csp-bypass: Content-Security-Policy Bypass - WordPress Public API
- POC 2025-08-01CVE-2018-17207: WordPress Duplicator Plugin < 1.2.42 - Arbitrary Code Execution
- POC 2025-08-01CVE-2019-17232: WordPress Ultimate FAQs <= 1.8.24 – Unauthenticated Options Import and Export
- POC 2025-08-01CVE-2019-6703: Total Donations Plugin for WordPress < 2.0.6 - Arbitrary Options Update
- POC 2025-08-01CVE-2021-34622: WordPress ProfilePress <= 3.1.3 - Privilege Escalation
- POC 2025-08-01CVE-2022-3477: WordPress tagDiv Composer < 3.5 - Authentication Bypass
- POC 2025-08-01CVE-2024-0593: WordPress Simple Job Board - Unauthorized Data Access
- POC 2025-08-01CVE-2024-28000: WordPress LiteSpeed Cache - Unauthenticated Privilege Escalation to Admin
- POC 2025-08-01wordpress-weak-credentials: WordPress - Weak Credentials
- POC 2025-08-01wp-install: WordPress Exposed Installation
- POC 2025-08-01wordpress-takeover: WordPress takeover detection
- POC 2025-08-01avada-xss: WordPress Avada Website Builder <7.4.2 - Cross-Site Scripting
- POC 2025-08-01404-to-301-xss: WordPress 404 to 301 Log Manager <3.1.2 - Cross-Site Scripting
- POC 2025-08-01ad-widget-lfi: WordPress Ad Widget 2.11.0 - Local File Inclusion
- POC 2025-08-01advanced-access-manager-lfi: WordPress Advanced Access Manager < 5.9.9 - Local File Inclusion
- POC 2025-08-01age-gate-open-redirect: WordPress Age Gate <2.13.5 - Open Redirect
- POC 2025-08-01age-gate-xss: WordPress Age Gate <2.20.4 - Cross-Site Scripting
- POC 2025-08-01ait-csv-import-export-rce: WordPress AIT CSV Import Export - Unauthenticated Remote Code Execution
- POC 2025-08-01alfacgiapi-wordpress: alfacgiapi
- POC 2025-08-01amministrazione-aperta-lfi: WordPress Amministrazione Aperta 3.7.3 - Local File Inclusion
- POC 2025-08-01application-pass-xss: WordPress Core 5.6 and 6.3.1 - Cross-Site Scripting
- POC 2025-08-01aspose-ie-file-download: WordPress Aspose Importer & Exporter 1.0 - Local File Inclusion
- POC 2025-08-01aspose-pdf-file-download: WordPress Aspose PDF Exporter - Local File Inclusion
- POC 2025-08-01aspose-words-file-download: WordPress Aspose Words Exporter <2.0 - Local File Inclusion
- POC 2025-08-01attitude-theme-open-redirect: WordPress Attitude 1.1.1 - Open Redirect
- POC 2025-08-01avchat-video-chat-xss: WordPress AVChat Video Chat 1.4.1 - Cross-Site Scripting
- POC 2025-08-01brandfolder-lfi: Wordpress Brandfolder - Remote/Local File Inclusion
- POC 2025-08-01brandfolder-open-redirect: WordPress Brandfolder - Open Redirect (RFI & LFI)
- POC 2025-08-01calameo-publications-xss: WordPress Manage Calameo Publications 1.1.0 - Cross-Site Scripting
- POC 2025-08-01checkout-fields-manager-xss: WordPress Checkout Fields Manager for WooCommerce <5.5.7 - Cross-Site Scripting
- POC 2025-08-01cherry-lfi: WordPress Cherry < 1.2.7 - Unauthenticated Arbitrary File Upload and Download
- POC 2025-08-01church-admin-lfi: WordPress Church Admin 0.33.2.1 - Local File Inclusion
- POC 2025-08-01churchope-lfi: WordPress ChurcHope Theme <= 2.1 - Local File Inclusion
- POC 2025-08-01clearfy-cache-xss: WordPress Clearfy Cache <2.0.5 - Cross-Site Scripting
- POC 2025-08-01contus-video-gallery-sqli: WordPress Video Gallery <= 2.8 - SQL Injection
- POC 2025-08-01curcy-xss: WordPress CURCY - Multi Currency for WooCommerce <2.1.18 - Cross-Site Scripting
- POC 2025-08-01diarise-theme-lfi: WordPress Diarise 1.5.9 - Arbitrary File Retrieval
- POC 2025-08-01eatery-restaurant-open-redirect: WordPress Eatery 2.2 - Open Redirect
- POC 2025-08-01hb-audio-lfi: Wordpress HB Audio Gallery Lite - Local File Inclusion
- POC 2025-08-01health-check-lfi: WordPress Health Check & Troubleshooting <1.24 - Local File Inclusion
- POC 2025-08-01hide-security-enhancer-lfi: WordPress Hide Security Enhancer 1.3.9.2 Local File Inclusion
- POC 2025-08-01members-list-xss: WordPress Members List <4.3.7 - Cross-Site Scripting
- POC 2025-08-01modula-image-gallery-xss: WordPress Modula Image Gallery <2.6.7 - Cross-Site Scripting
- POC 2025-08-01music-store-open-redirect: WordPress eCommerce Music Store <=1.0.14 - Open Redirect
- POC 2025-08-01my-chatbot-xss: WordPress My Chatbot <= 1.1 - Cross-Site Scripting
- POC 2025-08-01nativechurch-wp-theme-lfd: WordPress NativeChurch Theme - Local File Inclusion
- POC 2025-08-01new-user-approve-xss: WordPress New User Approve <2.4.1 - Cross-Site Scripting
- POC 2025-08-01newsletter-open-redirect: WordPress Newsletter Manager < 1.5 - Unauthenticated Open Redirect
- POC 2025-08-01pieregister-open-redirect: WordPress Pie Register < 3.7.2.4 - Open Redirect
- POC 2025-08-01seatreg-redirect: WordPress Plugin ‘SeatReg’ - Open Redirect
- POC 2025-08-01seo-redirection-xss: WordPress SEO Redirection <7.4 - Cross-Site Scripting
- POC 2025-08-01shortcode-lfi: WordPress Download Shortcode 0.2.3 - Local File Inclusion
- POC 2025-08-01ultimatemember-open-redirect: WordPress Ultimate Member <2.1.7 - Open Redirect
- POC 2025-08-01unauthenticated-duplicator-disclosure: WordPress Duplicator Plugin - Information disclosure
- POC 2025-08-01w3c-total-cache-ssrf: Wordpress W3C Total Cache <= 0.9.4 - Server Side Request Forgery (SSRF)
- POC 2025-08-01weekender-newspaper-open-redirect: WordPress Weekender Newspaper 9.0 - Open Redirect
- POC 2025-08-01woocommerce-pdf-invoices-xss: WordPress WooCommerce PDF Invoices & Packing Slips <2.15.0 - Cross-Site Scripting
- POC 2025-08-01wordpress-accessible-wpconfig: WordPress wp-config Detection
- POC 2025-08-01wordpress-affiliatewp-log: WordPress Plugin "AffiliateWP -- Allowed Products" Log Disclosure
- POC 2025-08-01wordpress-db-backup-listing: WordPress DB Backup
- POC 2025-08-01wordpress-db-backup: WordPress DB Backup
- POC 2025-08-01wordpress-debug-log: WordPress Debug Log - Exposure
- POC 2025-08-01wordpress-social-metrics-tracker: Social Metrics Tracker <= 1.6.8 - Unauthorised Data Export
- POC 2025-08-01wordpress-ssrf-oembed: Wordpress Oembed Proxy - Server-side request forgery
- POC 2025-08-01wordpress-total-upkeep-backup-download: WordPress Total Upkeep Database and Files Backup Download
- POC 2025-08-01wordpress-wordfence-lfi: WordPress Wordfence 7.4.5 - Local File Inclusion
- POC 2025-08-01wordpress-wordfence-waf-bypass-xss: Wordpress Wordfence - Cross-Site Scripting
- POC 2025-08-01wordpress-wordfence-xss: WordPress Wordfence 7.4.6 - Cross0Site Scripting
- POC 2025-08-01wordpress-zebra-form-xss: Zebra_Form PHP Library <= 2.9.8 - Cross-Site Scripting
- POC 2025-08-01wp-adaptive-xss: WordPress Adaptive Images < 0.6.69 - Cross-Site Scripting
- POC 2025-08-01wp-adivaha-sqli: WordPress adivaha Travel Plugin 2.3 - SQL Injection
- POC 2025-08-01wp-adivaha-xss: WordPress Adivaha Travel Plugin 2.3 - Cross-Site Scripting
- POC 2025-08-01wp-all-export-xss: WordPress All Export <1.3.6 - Cross-Site Scripting
- POC 2025-08-01wp-ambience-xss: WordPress Ambience Theme <=1.0 - Cross-Site Scripting
- POC 2025-08-01wp-blogroll-fun-xss: WordPress Blogroll Fun-Show Last Post and Last Update Time 0.8.4 - Cross-Site Scripting
- POC 2025-08-01wp-code-snippets-xss: WordPress Code Snippets - Cross-Site Scripting
- POC 2025-08-01wp-config-setup: WordPress Setup Configuration
- POC 2025-08-01wp-custom-tables-xss: WordPress Custom Tables 3.4.4 - Cross-Site Scripting
- POC 2025-08-01wp-email-subscribers-listing: WordPress Plugin Email Subscribers Listing
- POC 2025-08-01wp-flagem-xss: WordPress FlagEm - Cross-Site Scripting
- POC 2025-08-01wp-footnote-xss: WordPress 6.3-6.3.1 Footnotes Block - Cross-Site Scripting
- POC 2025-08-01wp-gallery-file-upload: WordPress Plugin Gallery 3.06 - Arbitrary File Upload
- POC 2025-08-01wp-googlemp3-lfi: WordPress Plugin CodeArt Google MP3 Player - File Disclosure Download
- POC 2025-08-01wp-grimag-open-redirect: WordPress Grimag <1.1.1 - Open Redirection
- POC 2025-08-01wp-haberadam-idor: WordPress Themes Haberadam JSON API - IDOR and Path Disclosure
- POC 2025-08-01wp-javospot-lfi: WordPress Javo Spot Premium Theme - Local File Inclusion
- POC 2025-08-01wp-kadence-blocks-rce: WordPress Gutenberg Blocks Plugin <= 3.1.10 - Arbitrary File Upload
- POC 2025-08-01wp-knews-xss: WordPress Knews Multilingual Newsletters 1.1.0 - Cross-Site Scripting
- POC 2025-08-01wp-mailchimp-log-exposure: WordPress MC4WP - Debug Log Exposure
- POC 2025-08-01wp-memphis-documents-library-lfi: WordPress Memphis Document Library 3.1.5 - Local File Inclusion
- POC 2025-08-01wp-nextgen-xss: WordPress NextGEN Gallery 1.9.10 - Cross-Site Scripting
- POC 2025-08-01wp-oxygen-theme-lfi: WordPress Oxygen-Theme - Local File Inclusion
- POC 2025-08-01wp-phpfreechat-xss: WordPress PHPFreeChat 0.2.8 - Cross-Site Scripting
- POC 2025-08-01wp-portrait-archiv-xss: WordPress Portrait-Archiv.com Photostore 5.0.4 - Reflected Cross Site Scripting
- POC 2025-08-01wp-prostore-open-redirect: WordPress ProStore <1.1.3 - Open Redirect
- POC 2025-08-01wp-real-estate-xss: WordPress Real Estate 7 Theme <= 3.3.4 - Cross-Site Scripting
- POC 2025-08-01wp-related-post-xss: WordPress Related Posts <= 2.1.1 - Cross Site Scripting
- POC 2025-08-01wp-securimage-xss: WordPress Securimage-WP 3.2.4 - Cross-Site Scripting
- POC 2025-08-01wp-security-open-redirect: WordPress All-in-One Security <=4.4.1 - Open Redirect
- POC 2025-08-01wp-simple-fields-lfi: WordPress Simple Fields 0.2 - 0.3.5 LFI/RFI/RCE
- POC 2025-08-01wp-slideshow-xss: WordPress Slideshow - Cross-Site Scripting
- POC 2025-08-01wp-socialfit-xss: WordPress SocialFit - Cross-Site Scripting
- POC 2025-08-01wp-spot-premium-lfi: WordPress Javo Spot Premium Theme - Unauthenticated Directory Traversal
- POC 2025-08-01wp-statistics-sqli: WordPress WP Statistics Plugin 13.0.7 - SQL Injection
- POC 2025-08-01wordpress-super-forms: WordPress super-forms Plugin Directory Listing
- POC 2025-08-01wp-sym404: Wordpress sym404 directory
- POC 2025-08-01wp-touch-redirect: WordPress WPtouch 3.7.5 - Open Redirect
- POC 2025-08-01wp-tutor-lfi: WordPress tutor 1.5.3 - Local File Inclusion
- POC 2025-08-01wordpress-upload-data: wordpress-upload-data
- POC 2025-08-01wp-upward-theme-redirect: WordPress Upward Themes <1.5 - Open Redirect
- POC 2025-08-01wp-user-enum: WordPress REST API User Enumeration
- POC 2025-08-01wp-vault-local-file-inclusion: WordPress Vault 0.8.6.6 - Local File Inclusion
- POC 2025-08-01wordpress-xmlrpc-brute-force: Wordpress XMLRPC.php username and password Bruteforcer
- POC 2025-08-01wpify-woo-czech-xss: WordPress WPify Woo Czech <3.5.7 - Cross-Site Scripting
- POC 2025-08-01wpml-xss: WordPress Plugin WPML Version < 4.6.1 Cross-Site Scripting
- POC 2025-08-01wptouch-xss: WordPress WPtouch <4.3.44 - Cross-Site Scripting
- POC 2025-08-01zero-spam-sql-injection: WordPress Zero Spam <= 2.1.1 - Blind SQL Injection
- POC 2025-08-01CVE-2025-6174: WordPress Qwizcards < 3.95 - Cross-Site Scripting (Reflected)
- POC 2025-08-01wordpress-login: WordPress login
- 2025-07-28WordPress WPBookit <= 1.0.4 /wp-admin/admin-ajax.php 文件上传漏洞 (CVE-2025-6058)
- 2025-07-24(CVE-2025-4608)WordPress Structured Content插件存储型跨站脚本漏洞
- 2025-07-23(CVE-2025-6174)Qwizcards WordPress插件3.9.4及之前版本反射型跨站脚本漏洞
- 2025-07-22WordPress WP_HTML_Token反序列化代码执行漏洞
- 2025-07-22(CVE-2025-6082)WordPress Birth Chart Compatibility插件完整路径泄露漏洞
- 2025-07-15WordPress Ads-pro /wp-admin/admin-ajax.php 文件包含漏洞 (CVE-2025-4380)
- 2025-07-15WordPress Simple File List 插件 /wp-content/plugins/simple-file-list/ee-upload-engine.php 文件上传漏洞 (CVE-2025-34085)
- 2025-07-15(CVE-2025-5394) Alone WordPress主题任意文件上传漏洞
- 2025-07-13WordPress plugin Events Manager SQL注入漏洞
- 2025-07-10WordPress-ads-pro 存在本地文件包含漏洞(CVE-2025-4380)
- 2025-07-10WordPress Kognetiks Chatbot for WordPress 插件 <= 2.0.0 /wp-admin/admin-ajax.php 文件上传漏洞 (CVE-2024-32700)
- 2025-07-04WordPress Relevanssi /wp-admin/admin-ajax.php 未授权访问漏洞(CVE-2024-1380)
- 2025-06-20WordPress 插件 Hotel Booking Lite / 文件读取漏洞(CVE-2023-5991)
- 2025-06-20Wordpress Plugins Kiwiz /wp-content/plugins/woocommerce-gateway-certification-de-facture-et-gestion-de-pdf-kiwiz/entrypoint/concat-pdf.php 文件读取漏洞(CVE-2023-2180)
- 2025-06-18(CVE-2025-4413)WordPress插件Pixabay Images任意文件上传漏洞
- 2025-06-13(CVE-2025-5815)WordPress Traffic Monitor插件未授权数据修改漏洞
- 2025-06-10(CVE-2025-4601) RH房地产WordPress主题权限提升漏洞
- 2025-06-06WordPress plugin Comments Import & Export 跨站脚本漏洞
- 2025-06-06(CVE-2025-5239)WordPress插件Domain For Sale存储型跨站脚本漏洞
- 2025-06-04(CVE-2025-4578)File Provider WordPress插件SQL注入漏洞
- 2025-05-31(CVE-2025-4607) WordPress PSW前端登录与注册插件特权提升漏洞
- 2025-05-31(CVE-2025-4631) WordPress Profitori插件权限提升漏洞
- 2025-05-30WordPress Madara /wp-admin/admin-ajax.php 文件包含漏洞 (CVE-2025-4524)
- 2025-05-30(CVE-2025-5235)WordPress OpenSheetMusicDisplay插件存储型跨站脚本漏洞
- 2025-05-28WordPress suretriggers 存在权限绕过漏洞(CVE-2025-3102)
- 2025-05-27(CVE-2025-4682)WordPress插件The Essential Blocks存储型XSS漏洞
- 2025-05-21WordPress_Madara 本地文件包含漏洞 CVE-2025-4524
- 2025-05-21(CVE-2025-4094)DIGITS插件OTP验证速率限制不足漏洞
- 2025-05-16WordPress WP01 插件 /wp-admin/admin-ajax.php?action=wp01_generate_zip_archive 文件读取漏洞(CVE-2025-30567)
- 2025-05-15WordPress_depicter Sql注入 (CVE-2025-2011)
- 2025-05-15WordPress_Relevanssi存在Sql注入漏洞(CVE-2025-4396)
- 2025-05-09WordPress Kubio 插件 / 文件包含漏洞(CVE-2025-2294)
- 2025-05-06WordPress_AdsProPlugin Sql注入漏洞(CVE-2024-13322)
- 2025-05-05WordPress plugin Job Listings 授权问题漏洞
- 2025-05-05WordPress plugin VerticalResponse Newsletter Widget 跨站脚本漏洞
- 2025-05-05WordPress plugin SurveyJS 跨站脚本漏洞
- 2025-05-05WordPress plugin Xavins Review Ratings 跨站脚本漏洞
- 2025-05-05WordPress plugin Database Toolset 信息泄露漏洞
- 2025-04-30WordPress Plugin Suretriggers /wp-json/sure-triggers/v1/automation/action 未授权访问漏洞(CVE-2025-3102)
- 2025-04-28WordPress plugin eForm 跨站脚本漏洞
- 2025-04-28WordPress plugin Breeze Display 跨站脚本漏洞
- 2025-04-27WordPress plugin WPVN 跨站请求伪造漏洞
- 2025-04-20WordPress plugin Sponsered Link 跨站脚本漏洞
- 2025-04-13WordPress plugin azurecurve Shortcodes in Comments 代码注入漏洞
- 2025-04-13WordPress plugin Accredible Certificates & Open Badges SQL注入漏洞
- 2025-04-13WordPress plugin Payment Forms for Paystack 跨站脚本漏洞
- 2025-04-13WordPress plugin ORDER POST 代码注入漏洞
- 2025-04-03WordPress Plugin RepairBuddy /wp-admin/admin-ajax.php 文件上传漏洞(CVE-2024-51793)
- 2025-04-01WordPress Plugin R+L Carrier Edition /wp-admin/admin-ajax.php SQL 注入漏洞(CVE-2024-13481)
- 2025-03-31WordPress Kubio plugin kubio-site-edit-iframe-preview 任意文件读取漏洞
- 2025-03-31Wordpress Kubio AI Page Builder 本地文件包含漏洞(CVE-2025-2294)
- 2025-03-20WordPress CF7插件cities存在SQL注入漏洞
- 2025-03-20wordPress WooCommerce 本地文件包含漏洞(CVE-2025-1661)
- 2025-03-14WordPress W3 Total Cache pub/sns.php 文件读取漏洞(CVE-2019-6715)
- 2025-03-11WordPress plugin miniOrange Social Login and Register 授权问题漏洞
- 2025-02-28WordPress Yawave插件前台SQL注入漏洞(CVE-2025-1648)
- 2025-02-24WordPress LTL Freight Quotes 多个插件存在 sql注入漏洞(CVE-2024-13481、CVE-2024-13478、CVE-2024-13485)
- 2025-02-24WordPress Web Directory Free /wp-admin/admin-ajax.php 文件读取漏洞(CVE-2024-3673)
- 2025-02-21WordPress ltl-freight-quotes-estes-edition sql注入漏洞(CVE-2024-13479)
- 2025-02-19WordPress plugin Easy Elementor Addons 跨站脚本漏洞
- 2025-02-19WordPress plugin Leyka 跨站脚本漏洞
- 2025-02-19WordPress plugin WP Airbnb Review Slider SQL注入漏洞
- 2025-02-19WordPress plugin Content Snippet Manager 跨站请求伪造漏洞
- 2025-02-19WordPress plugin Botnet Attack Blocker 跨站脚本漏洞
- 2025-02-19WordPress plugin Keep Backup Daily 路径遍历漏洞
- 2025-02-19WordPress plugin LTL Freight Quotes – Unishippers Edition 跨站脚本漏洞
- 2025-02-19WordPress plugin Forex Calculators 跨站脚本漏洞
- 2025-02-14WordPress plugin WP Foodbakery 跨站脚本漏洞
- 2025-02-09WordPress plugin WP ALL Export Pro 代码注入漏洞
- 2025-02-09WordPress plugin WP ALL Export Pro 代码注入漏洞
- 2025-01-28WordPress plugin WC Affiliate 跨站脚本漏洞
- 2025-01-27WordPress plugin Divi Carousel Maker 跨站脚本漏洞
- 2025-01-27WordPress plugin Import WP – Export and Import CSV and XML files to WordPress 信息泄露漏洞
- 2025-01-27WordPress plugin ABC Notation 跨站脚本漏洞
- 2025-01-27WordPress plugin Ask Me Anything 跨站脚本漏洞
- 2025-01-27WordPress plugin Etsy Importer 跨站脚本漏洞
- 2025-01-27WordPress plugin Power Ups for Elementor 跨站脚本漏洞
- 2025-01-27WordPress plugin WordPress SEO Friendly Accordion FAQ with AI assisted content generation 跨站脚本漏洞
- 2025-01-27WordPress plugin Event post 跨站脚本漏洞
- 2025-01-27WordPress plugin WC Marketplace 跨站脚本漏洞
- 2025-01-27WordPress plugin Herd Effects 跨站请求伪造漏洞
- 2025-01-27WordPress plugin MachForm Shortcode 跨站请求伪造漏洞
- 2025-01-27WordPress plugin SERPed.net SQL注入漏洞
- 2025-01-27WordPress plugin Modal Window 跨站请求伪造漏洞
- 2025-01-27WordPress plugin Orbisius Simple Notice 跨站脚本漏洞
- 2025-01-27WordPress plugin Widget Countdown 跨站脚本漏洞
- 2025-01-27WordPress plugin PPOM for WooCommerce 跨站脚本漏洞
- 2025-01-27WordPress plugin Nested Pages 跨站脚本漏洞
- 2025-01-27WordPress plugin Restrict Anonymous Access 跨站脚本漏洞
- 2025-01-27WordPress plugin WP Ultimate Exporter 路径遍历漏洞
- 2025-01-27WordPress plugin WP VR 跨站脚本漏洞
- 2025-01-27WordPress plugin Starter Templates 跨站请求伪造漏洞
- 2025-01-27WordPress plugin Attire Blocks 跨站请求伪造漏洞
- 2025-01-27WordPress plugin Radius Blocks 跨站请求伪造漏洞
- 2025-01-27WordPress plugin Easy YouTube Gallery 跨站脚本漏洞
- 2025-01-27WordPress plugin Show/Hide Shortcode 跨站脚本漏洞
- 2025-01-26WordPress event-monster插件信息泄露漏洞(CVE-2024-11396)
- 2025-01-22WordPress Fancy Product Designer插件Sql注入漏洞(CVE-2024-51818)
- 2025-01-22WordPress Hunk Companion 插件存在未认证漏洞(CVE-2024-9707)
- 2025-01-21WordPress plugin Import any XML or CSV File to WordPress PRO 跨站脚本漏洞
- 2025-01-18WordPress plugin PDF.js Shortcode 跨站脚本漏洞
- 2025-01-18WordPress plugin Send to Twitter 跨站请求伪造漏洞
- 2025-01-18WordPress plugin Scroll Top Advanced 跨站脚本漏洞
- 2025-01-18WordPress plugin Cookie Consent & Autoblock for GDPR/CCPA 跨站请求伪造漏洞
- 2025-01-18WordPress plugin WordPress Logging Service 跨站请求伪造漏洞
- 2025-01-18WordPress plugin EditionGuard for WooCommerce – eBook Sales with DRM 跨站脚本漏洞
- 2025-01-18WordPress plugin Easy EU Cookie law 跨站脚本漏洞
- 2025-01-18WordPress plugin Geotagged Media 跨站请求伪造漏洞
- 2025-01-18WordPress plugin WP-Player 跨站脚本漏洞
- 2025-01-18WordPress plugin Altima Lookbook Free for WooCommerce 跨站脚本漏洞
- 2025-01-18WordPress plugin WP VTiger Synchronization 跨站请求伪造漏洞
- 2025-01-18WordPress plugin Extra Options – Favicons 跨站请求伪造漏洞
- 2025-01-18WordPress plugin add custom google tag manager 跨站请求伪造漏洞
- 2025-01-18WordPress plugin Board Election 跨站请求伪造漏洞
- 2025-01-18WordPress plugin AlT Report 跨站脚本漏洞
- 2025-01-18WordPress plugin Visit Site Link enhanced 跨站请求伪造漏洞
- 2025-01-18WordPress plugin Mass Custom Fields Manager 跨站请求伪造漏洞
- 2025-01-18WordPress plugin UpDownUpDown 跨站请求伪造漏洞
- 2025-01-18WordPress plugin go Social 跨站请求伪造漏洞
- 2025-01-18WordPress plugin Web Testimonials 跨站请求伪造漏洞
- 2025-01-18WordPress plugin Password Protect Plugin for WordPress 跨站请求伪造漏洞
- 2025-01-18WordPress plugin MD Custom content after or before of post 跨站请求伪造漏洞
- 2025-01-18WordPress plugin Wp-Scribd-List 跨站请求伪造漏洞
- 2025-01-18WordPress plugin Custom Widget Classes 跨站请求伪造漏洞
- 2025-01-18WordPress plugin QR Code Generator 跨站脚本漏洞
- 2025-01-18WordPress plugin CNZZ&51LA for WordPress 跨站请求伪造漏洞
- 2025-01-18WordPress plugin JB Horizontal Scroller News Ticker 跨站脚本漏洞
- 2025-01-18WordPress plugin WordPress Gallery Plugin 跨站请求伪造漏洞
- 2025-01-18WordPress plugin Admin Cleanup 跨站请求伪造漏洞
- 2025-01-18WordPress plugin Debt Calculator 跨站请求伪造漏洞
- 2025-01-18WordPress plugin Winning Portfolio 跨站脚本漏洞
- 2025-01-18WordPress plugin WCS QR Code Generator 跨站脚本漏洞
- 2025-01-18WordPress plugin CJ Custom Content 跨站请求伪造漏洞
- 2025-01-18WordPress plugin Shoutcast and Icecast HTML5 Web Radio Player by YesStreaming.com 跨站脚本漏洞
- 2025-01-18WordPress plugin Top Flash Embed 跨站脚本漏洞
- 2025-01-18WordPress plugin Chess Tempo Viewer 跨站脚本漏洞
- 2025-01-18WordPress plugin Simple Vertical Timeline 跨站脚本漏洞
- 2025-01-18WordPress plugin Charity-thermometer 跨站脚本漏洞
- 2025-01-17WordPress plugin WP Bulletin Board 跨站脚本漏洞
- 2025-01-17WordPress plugin Elementor AI Addons 跨站脚本漏洞
- 2025-01-17WordPress plugin Partners 跨站脚本漏洞
- 2025-01-17WordPress plugin Nativery 跨站脚本漏洞
- 2025-01-17WordPress plugin SEO Bulk Editor 跨站脚本漏洞
- 2025-01-17WordPress plugin WP Order By 跨站脚本漏洞
- 2025-01-17WordPress plugin WP Headmaster 跨站脚本漏洞
- 2025-01-17WordPress plugin Twitter Bootstrap Collapse aka Accordian Shortcode 跨站脚本漏洞
- 2025-01-17WordPress plugin WoorouSell 跨站脚本漏洞
- 2025-01-17WordPress plugin SetMore Theme – Custom Post Types 跨站脚本漏洞
- 2025-01-17WordPress plugin WP ULike 跨站脚本漏洞
- 2025-01-17WordPress plugin Build Private Store For Woocommerce 跨站请求伪造漏洞
- 2025-01-17WordPress plugin WP ViewSTL 跨站脚本漏洞
- 2025-01-17WordPress plugin Free Google Maps 跨站脚本漏洞
- 2025-01-17WordPress plugin Foundation Columns 跨站脚本漏洞
- 2025-01-17WordPress plugin Posts Footer Manager 跨站脚本漏洞
- 2025-01-17WordPress plugin Amber 跨站脚本漏洞
- 2025-01-17WordPress plugin turboSMTP 跨站脚本漏洞
- 2025-01-17WordPress plugin Gallery and Lightbox 跨站脚本漏洞
- 2025-01-17WordPress plugin Multilang Contact Form 跨站脚本漏洞
- 2025-01-17WordPress plugin Responsive jQuery Slider 跨站脚本漏洞
- 2025-01-17WordPress plugin wp-pano 跨站脚本漏洞
- 2025-01-17RuleApi /system/isKey 默认口令漏洞
- 2025-01-13WordPress plugin ClickWhale 跨站脚本漏洞
- 2025-01-13WordPress plugin Grid Accordion Lite 跨站脚本漏洞
- 2025-01-13WordPress plugin Push Notification for Post and BuddyPress 跨站脚本漏洞
- 2025-01-13WordPress plugin Page Builder Features 跨站脚本漏洞
- 2025-01-10WordPress Crypto 插件 /wp-admin/admin-ajax.php 权限绕过漏洞(CVE-2024-9989)
- 2025-01-03WordPress Crypto 插件存在前台任意用户登录漏洞(CVE-2024-9989)
- 2025-01-03WordPress Tutor LMS 插件 /wp-admin/admin-ajax.php SQL 注入漏洞 (CVE-2024-10400)
- 2024-12-27WordPress plugin Tourfic SQL注入漏洞
- 2024-12-27WordPress plugin WP Data Access SQL注入漏洞
- 2024-12-27WordPress plugin WP Legal Pages 跨站请求伪造漏洞
- 2024-12-26WordPress plugin ShMapper by Teplitsa 跨站脚本漏洞
- 2024-12-26WordPress plugin Export Customers Data 跨站脚本漏洞
- 2024-12-26WordPress plugin Tracking Code Manager 跨站脚本漏洞
- 2024-12-26WordPress plugin Text Prompter 跨站脚本漏洞
- 2024-12-26WordPress plugin WP Datepicker 跨站脚本漏洞
- 2024-12-26WordPress plugin Database Backup and check Tables Automated With Scheduler 路径遍历漏洞
- 2024-12-26WordPress plugin Optio Dentistry 跨站脚本漏洞
- 2024-12-26WordPress plugin Bitcoin Lightning Publisher 跨站脚本漏洞
- 2024-12-25WordPress File Upload 插件 /wfu_file_downloader.php 文件读取漏洞(CVE-2024-9047)
- 2024-12-19WordPress plugin Portfolio 跨站脚本漏洞
- 2024-12-19WordPress plugin TPG Get Posts 跨站脚本漏洞
- 2024-12-19WordPress plugin CRM Perks 跨站脚本漏洞
- 2024-12-19WordPress plugin Animated Counters 跨站脚本漏洞
- 2024-12-06WordPress-Dropdown-CF7 /wp-admin/admin-ajax.php SQL 注入漏洞(CVE-2024-3495)
- 2024-11-29WordPress AI Engine /wp-json/mwai-ui/v1/files/upload 文件上传漏洞(CVE-2023-51409)
- 2024-11-29WordPress Plugin HTML5 Video Player 插件 id 参数 SQL 注入漏洞 (CVE-2024-1061)
- 2024-11-21WordPress Automatic Plugin / 文件读取漏洞(CVE-2024-27954)
- 2024-11-09WordPress plugin Prime Slider 跨站脚本漏洞
- 2024-11-08WordPress plugin WS Form LITE 跨站脚本漏洞
- 2024-11-08WordPress plugin Event post 跨站脚本漏洞
- 2024-11-08WordPress plugin Easy Pricing Tables 跨站脚本漏洞
- 2024-11-08WordPress plugin Active Products Tables for WooCommerce 跨站脚本漏洞
- 2024-11-08WordPress plugin MapPress Maps for WordPress 跨站脚本漏洞
- 2024-11-07WordPress plugin Contact Form 7 – Dynamic Text Extension 信息泄露漏洞
- 2024-11-07WordPress plugin Loginizer Security and Loginizer 授权问题漏洞
- 2024-11-07WordPress plugin XT Floating Cart for WooCommerce 跨站脚本漏洞
- 2024-11-07WordPress plugin Ultimate Bootstrap Elements for Elementor 信息泄露漏洞
- 2024-11-07WordPress plugin 140+ Widgets | Xpro Addons For Elementor – FREE 信息泄露漏洞
- 2024-11-07WordPress plugin Social Login 授权问题漏洞
- 2024-11-07WordPress plugin Tickera – WordPress Event Ticketing 代码注入漏洞
- 2024-11-07WordPress plugin Seriously Simple Podcasting 跨站脚本漏洞
- 2024-11-07WordPress plugin Contest Gallery SQL注入漏洞
- 2024-11-04WordPress plugin ReCaptcha Integration for WordPress 跨站脚本漏洞
- 2024-11-04WordPress plugin BookingPress SQL注入漏洞
- 2024-11-03WordPress plugin Group Chat & Video Chat by AtomChat 跨站脚本漏洞
- 2024-11-02WordPress plugin Easy SVG Upload 跨站脚本漏洞
- 2024-11-02WordPress plugin Podlove Podcast Publisher 跨站请求伪造漏洞
- 2024-11-02WordPress plugin Gift Cards 跨站脚本漏洞
- 2024-11-02WordPress plugin WPMobile.App 跨站请求伪造漏洞
- 2024-11-02WordPress plugin Custom Twitter Feeds 跨站请求伪造漏洞
- 2024-11-01WordPress plugin WP Team 跨站脚本漏洞
- 2024-11-01WordPress plugin The Enable Shortcodes inside Widgets,Comments and Experts 码注入漏洞
- 2024-11-01WordPress plugin Pricing Tables WordPress Plugin – Easy Pricing Tables 跨站脚本漏洞
- 2024-11-01WordPress plugin T(-) Countdown 跨站脚本漏洞
- 2024-11-01WordPress plugin Subscribe to Comments 跨站脚本漏洞
- 2024-11-01WordPress plugin Woocommerce Product Design 路径遍历漏洞
- 2024-11-01WordPress plugin Woocommerce Product Design 路径遍历漏洞
- 2024-11-01WordPress plugin Black Widgets For Elementor 跨站脚本漏洞
- 2024-10-31WordPress plugin Crypto 跨站请求伪造漏洞
- 2024-10-31WordPress plugin Newsletters 跨站脚本漏洞
- 2024-10-31WordPress plugin Beaver Builder 跨站脚本漏洞
- 2024-10-31WordPress plugin Post Status Notifier Lite and Premium 跨站脚本漏洞
- 2024-10-31WordPress plugin Premium Addons for Elementor 跨站脚本漏洞
- 2024-10-31WordPress plugin Kata Plus–Addons for Elementor–Widgets, Extensions and Templates 跨站脚本漏洞
- 2024-10-28WordPress plugin DearFlip 跨站脚本漏洞
- 2024-10-28WordPress plugin Contact Form 跨站脚本漏洞
- 2024-10-28WordPress plugin Compact WP Audio Player 跨站脚本漏洞
- 2024-10-28WordPress plugin MultiVendorX 授权问题漏洞
- 2024-10-28WordPress plugin MultiVendorX 跨站请求伪造漏洞
- 2024-10-28WordPress plugin WP Recipe Maker 跨站脚本漏洞
- 2024-10-28WordPress plugin Extra Product Options Builder for WooCommerce 跨站脚本漏洞
- 2024-10-28WordPress plugin EventPrime 跨站脚本漏洞
- 2024-10-28WordPress plugin ID-SK Toolkit 跨站脚本漏洞
- 2024-10-28WordPress plugin Editor Custom Color Palette 跨站脚本漏洞
- 2024-10-28WordPress plugin PriPre 跨站脚本漏洞
- 2024-10-28WordPress plugin Poll Maker 跨站脚本漏洞
- 2024-10-28WordPress plugin ElementsKit Elementor addons 跨站脚本漏洞
- 2024-10-28WordPress plugin WP Crowdfunding 跨站脚本漏洞
- 2024-10-28WordPress plugin WP Awesome Login 跨站脚本漏洞
- 2024-10-28WordPress plugin Poll Maker SQL注入漏洞
- 2024-10-28WordPress plugin Clever Addons for Elementor 信息泄露漏洞
- 2024-10-28WordPress plugin FormFacade 跨站脚本漏洞
- 2024-10-11WordPress GiveWP 插件 /admin-ajax.php 命令执行漏洞(CVE-2024-8353)
- 2024-08-14WordPress DZS-VideoGallery插件CVE-2014-9094跨站脚本漏洞
- 2024-08-14WordPress 插件 Better Search Replace wp-comments-post 不安全的反序列化漏洞
- 2024-08-14WordPress plugin Football Pool 跨站脚本漏洞
- 2024-08-07WordPress WPvivid Backup插件PHAR不安全的反序列化漏洞
- 2024-08-06易宝OA /WebService/BasicService.asmx SQL 注入漏洞
- 2024-07-26WordPress XStore theme SQL注入漏洞
- 2024-07-25Wordpress ValvePress Automatic CVE-2024-27956 SQL注入漏洞
- 2024-07-24WordPress plugin GPT3 AI Content Writer 跨站脚本漏洞
- 2024-07-19WordPress插件Recall /account/ SQL 注入漏洞(CVE-2024-32709)
- 2024-07-18WordPress 多个插件 PHP对象注入漏洞
- 2024-07-18WordPress ThemeREX 插件代码执行漏洞
- 2024-07-18WordPress MailPoet Newsletters插件远程文件上传漏洞
- 2024-07-18WordPress MStore 插件 CVE-2023-2732 权限绕过漏洞
- 2024-07-18WordPress Simple Ads Manager信息泄露漏洞
- 2024-07-12WordPress plugin affiliate-toolkit 日志信息泄露漏洞
- 2024-07-12WordPress plugin TrustedLogin Vendor 日志信息泄露漏洞
- 2024-07-12WordPress Goto Theme Plugin SQL 注入漏洞
- 2024-07-08WordPress 插件HTML5 视频播放器 < 2.5.27 存在SQL注入漏洞
- 2024-07-04WordPress Quiz Maker plugin CVE-2024-6028 SQL 注入漏洞
- 2024-07-04WordPress Bello Theme SQL 注入以及 XSS 漏洞
- 2024-07-04WordPress REST API CVE-2017-5487 信息泄露漏洞
- 2024-07-04WordPress Responsive Menu插件文件上传漏洞
- 2024-07-04WordPress Plugin Lightbox CVE-2021-24665 XSS漏洞
- 2024-07-04WordPress YITH WooCommerce Gift Cards 插件文件上传漏洞
- 2024-06-28WordPress WooCommerce plugin CVE-2024-2876 SQL注入漏洞
- 2024-06-21WordPress Plugin CVE-2021-34621 权限提升漏洞
- 2024-06-19(CVE-2023-40004) ServMask WordPress迁移扩展 授权漏洞
- 2024-06-14WordPress plugin Debug Log – Manger Tool 日志信息泄露漏洞
- 2024-06-07WordPressRedux 框架敏感信息泄漏漏洞 (CVE-2021-38314)
- 2024-06-06WordPress 插件 WPvivid CVE-2024-1981 SQL注入漏洞
- 2024-06-06WordPress /superstorefinder-wp/ssf-wp-admin/pages/import.php 任意文件上传漏洞
- 2024-06-05WordPress的Secure Copy Content Protection and Content Locking插件存在sql注入漏洞
- 2024-05-31WordPress 插件 jqueryFileTree queryFileTree.php 目录遍历漏洞
- 2024-05-31WordPress Bricks Builder CVE-2024-25600 远程代码执行漏洞
- 2024-05-23WordPress Backup Migration Plugin CVE-2023-7002 命令注入漏洞
- 2024-05-23WordPress Automatic 插件 CVE-2024-27954 任意文件下载漏洞
- 2024-05-20WordPress plugin Dynamics 365 Integration 日志信息泄露漏洞
- 2024-05-17WordPress Paid Membership Pro Plugins CVE-2023-6187 任意文件上传漏洞
- 2024-05-09WordPress Ultimate Member插件 SQL注入漏洞
- 2024-05-07WordPress WP Live Chat Support Pro 插件 remote_upload 接口任意文件上传漏洞(CVE-2019-11185)
- 2024-05-05WordPress MasterStudy LMS 插件存在SQL注入漏洞 (CVE-2024-1512)
- 2024-05-01WordPress Automatic插件 存在未授权SQL注入漏洞(CVE-2024-27956)
- 2024-04-29WordPress wp-google-maps插件sql注入漏洞(CVE-2019-10692)
- 2024-04-29Wordpress 插件 Duplicator 任意文件读取漏洞(CVE-2020-11738)
- 2024-04-27WordPress AI Engine 插件 文件上传致远程代码执行漏洞(CVE-2023-51409)
- 2024-04-26WordPress plugin Simply Static 日志信息泄露漏洞
- 2024-04-26WordPress plugin Newsletters 日志信息泄露漏洞
- 2024-04-26WordPress plugin Smart Forms CVE-2023-7203 任意接口删除漏洞
- 2024-04-26Wordpress plugin LayerSlider CVE-2024-2879 SQL注入漏洞
- 2024-04-26WordPress JS Support Ticket 插件任意文件上传漏洞
- 2024-04-25WordPress thimpress_hotel_booking 远程代码执行漏洞
- 2024-04-19WordPress Plugin Backup Migration 日志信息泄露漏洞
- 2024-04-18WordPress File Manager 任意文件上传漏洞
- 2024-04-12WordPress Plugin FG Drupal to WordPress 日志信息泄露漏洞
- 2024-04-12WordPress Plugin SearchIQ 日志信息泄露漏洞
- 2024-04-12WordPress Plugin ConvertKit 日志信息泄露漏洞
- 2024-04-12WordPress Plugin Slideshow Gallery LITE 日志信息泄露漏洞
- 2024-04-12WordPress Plugin Subscribe To Comments Reloaded 日志信息泄露漏洞
- 2024-04-12WordPress Plugin User Spam Remover 日志信息泄露漏洞
- 2024-04-10WordPress Plugin LayerSlider SQL注入漏洞(CVE-2024-2879)
- 2024-04-04WordPress plugin WP Fastest Cache SQL注入漏洞(CVE-2023-6063)
- 2024-04-02WordPress Plugin Paid Memberships Pro 日志信息泄露漏洞
- 2024-03-31WordPress Plugin FG PrestaShop to WooCommerce 日志信息泄露漏洞
- 2024-03-31WordPress Plugin Paid Memberships Pro 日志信息泄露漏洞
- 2024-03-29WordPress Plugin Community by PeepSo 日志信息泄露漏洞
- 2024-03-29WordPress Plugin Seraphinite Accelerator 日志信息泄露漏洞
- 2024-03-28WordPress Plugin CF7 Google Sheets Connector 日志信息泄露漏洞
- 2024-03-23WordPress Automatic Plugin <3.92.1任意文件下载
- 2024-03-21WordPress My Calendar 插件 my_calendar_rest_route SQL注入漏洞
- 2024-03-19WordPress notificationx 存在SQL注入
- 2024-03-19WordPress Plugin AI Power: Complete AI Pack – Powered by GPT-4 跨站请求伪造漏洞
- 2024-03-14WordPress User Registration插件 CVE-2023-3342 任意文件上传漏洞
- 2024-03-14WordPress LearnPress Plugin handle_params_for_query_courses SQL注入漏洞
- 2024-03-13(CVE-2024-1071) WordPress 插件 代码注入漏洞
- 2024-02-23WordPress Bricks render_element 远程代码执行漏洞(CVE-2024-25600)
- 2024-02-22WordPress LearnPress CVE-2022-0271跨站脚本漏洞
- 2024-02-22WordPress HTML2WP 插件任意文件上传漏洞
- 2024-02-22WordPress WooCommerce CVE-2022-1020远程代码执行漏洞
- 2024-02-22WordPress BookingPress 插件 CVE-2022-0739 SQL注入漏洞
- 2024-02-22WordPress All-in-One Video Gallery video.php 任意文件读取漏洞
- 2024-02-22WordPress School Management Pro插件CVE-2022-1609后门漏洞
- 2024-02-22WordPress Perfect Survey CVE-2021-24762 SQL注入漏洞
- 2024-02-22WordPress All-in-One WP Migration插件CVE-2022-1476目录遍历漏洞
- 2024-02-22WordPress WP_Query CVE-2022-21664 SQL注入漏洞
- 2024-02-22WordPress plugin WooCommerce CVE-2022-0478 SQL注入漏洞
- 2024-02-22WordPress Simple Membership 插件 XSS 漏洞
- 2024-02-22Phlox WordPress plugin反射型跨站脚本漏洞
- 2024-02-22WordPress Nirweb Support SQL注入漏洞
- 2024-02-22WordPress插件AYS Popup Box 反射型跨站脚本漏洞
- 2024-02-22WordPress 多个主题产品 lang_upload.php 任意文件上传漏洞
- 2024-02-22WordPress Ad Invalid Click Protector CVE-2022-0190 SQL注入漏洞
- 2024-02-22WordPress Shareaholic 插件 CVE-2022-0594 信息泄露漏洞
- 2024-02-22WordPress Narnoo Distributor CVE-2022-0679 目录遍历漏洞
- 2024-02-22WordPress Customize Login Image插件跨站脚本漏洞
- 2024-02-22WordPress One Click Demo Import CVE-2022-1008远程代码执行漏洞
- 2024-02-22WordPress All-in-One WP Migration CVE-2021-24216 远程代码执行漏洞
- 2024-02-22WordPress Photo Gallery 插件CVE-2022-1281 SQL注入漏洞
- 2024-02-22WordPress WP Downgrade CVE-2022-1001跨站脚本漏洞
- 2024-02-22WPQA Builder WordPress plugin反射型跨站脚本漏洞
- 2024-02-22WordPress Plugin uDraw 任意文件访问漏洞
- 2024-02-22WordPress Duplicator 插件权限提升漏洞
- 2024-02-22WordPress White Label CMS 插件反射型 XSS 漏洞
- 2024-02-22WordPress Welcart e-Commerce progress-check.php 任意文件读取漏洞
- 2024-02-22WordPress TI WooCommerce Wishlist 插件CVE-2022-0412 SQL注入漏洞
- 2024-02-22WordPress Feed Them Social 插件反射型跨站脚本漏洞
- 2024-02-22WordPress Popup Maker插件弹出设置存储型跨站脚本漏洞
- 2024-02-22WordPress 5 Stars Rating Funnel CVE-2022-0657 SQL注入漏洞
- 2024-02-22WordPress MapPress Maps CVE-2022-0208跨站脚本漏洞
- 2024-02-22WordPress RVM CVE-2021-24947目录遍历漏洞
- 2024-02-22WordPress Essential Addons CVE-2022-0320目录遍历漏洞
- 2024-02-22WordPress eaSYNC 插件 CVE-2022-1952 任意文件上传漏洞
- 2024-02-22WordPress Admin Word Count Column 插件任意文件读取漏洞
- 2024-02-22Wordpress Google Tag 管理器反射型XSS 漏洞
- 2024-02-22WordPress AP Custom Testimonial 插件CVE-2022-23911 SQL注入漏洞
- 2024-02-22WordPress Core Post Slug 存储型XSS漏洞
- 2024-02-22WordPress Super Socializer CVE-2021-24987跨站脚本漏洞
- 2024-02-22WordPress WP Statistics插件CVE-2022-25148 SQL注入漏洞
- 2024-02-22WordPress CVE-2022-21661 SQL注入漏洞
- 2024-02-22WordPress Ketchup Restaurant Reservations插件SQL注入漏洞
- 2024-02-22WordPress Domain Check Plugin CVE-2021-24926跨站脚本漏洞
- 2024-02-22WordPress NotificationX插件SQL注入漏洞
- 2024-02-22WordPress WP Statistics 插件 CVE-2022-25305 跨站脚本漏洞
- 2024-02-22WordPress Photo Gallery CVE-2022-0169 SQL注入漏洞
- 2024-02-22WordPress Gwyn's Imagemap Selector 跨站脚本漏洞
- 2024-02-22WordPress Visual Form Builder 插件信息泄露漏洞
- 2024-02-22WordPress WP Statistics Plugin ip SQL注入漏洞
- 2024-02-22WordPress MultiSafepay plugin for WooCommerce任意文件读取漏洞
- 2024-02-22WordPress Simple Ajax Chat Plugin敏感信息泄露漏洞
- 2024-02-22WordPress Contact Form 7 Skins CVE-2021-25063跨站脚本漏洞
- 2024-02-22WordPress RSVP CVE-2022-1054 信息泄露漏洞
- 2024-02-22WordPress Events Made Easy插件lang参数SQL注入漏洞
- 2024-02-22WordPress Visual Form Builder Plugin Trash CSRF漏洞
- 2024-02-22WordPress Page Views Count CVE-2022-0434 SQL注入漏洞
- 2024-02-22WordPress Tatsu CVE-2021-25094远程代码执行漏洞
- 2024-02-22Wordpress Visitor Statistics SQL 注入漏洞
- 2024-02-22WordPress Ketchup Restaurant Reservations插件跨站脚本漏洞
- 2024-02-22WordPress Drag and Drop 插件 CVE-2022-0595 跨站脚本漏洞