Common Vulnerabilities and Exposures (CVE)

CVE-2025-3278

Apr 8, 2026 17:06:56 UTC

The UrbanGo Membership plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 1.0.4. This is due to the plugin allowing users who are registering new accounts to set their own role or by supplying 'user...

CVE-2026-3903

Apr 8, 2026 17:06:55 UTC

The Modular DS: Monitor, update, and backup multiple websites plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.5.1. This is due to missing nonce validation on the postConfirmOauth() fu...

CVE-2024-0251

Apr 8, 2026 17:06:55 UTC

The Advanced Woo Search plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the search parameter in all versions up to, and including, 2.96 due to insufficient input sanitization and output escaping. This makes it possi...

CVE-2024-13339

Apr 8, 2026 17:06:55 UTC

The DeBounce Email Validator plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 5.8.0. This is due to missing or incorrect nonce validation on the 'debounce_email_validator' page. This mak...

CVE-2025-1671

Apr 8, 2026 17:06:54 UTC

The Academist Membership plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 1.1.6. This is due to the academist_membership_check_facebook_user() function not properly verifying a user's identity...

CVE-2019-25143

Apr 8, 2026 17:06:54 UTC

The GDPR Cookie Compliance plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the gdpr_cookie_compliance_reset_settings AJAX action in versions up to, and including, 4.0.2. This makes it possible...

CVE-2021-4364

Apr 8, 2026 17:06:54 UTC

The JobSearch WP Job Board plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the jobsearch_add_job_import_schedule_call() function in versions up to, and including, 1.8.1. This makes it possible...

CVE-2024-13509

Apr 8, 2026 17:06:53 UTC

The WS Form LITE and PRO plugins for WordPress are vulnerable to Stored Cross-Site Scripting via the url parameter in all versions up to, and including, 1.10.13 due to insufficient input sanitization and output escaping. This makes it possi...

CVE-2024-11804

Apr 8, 2026 17:06:53 UTC

The Planaday API plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'tab' parameter in all versions up to, and including, 11.4 due to insufficient input sanitization and output escaping. This makes it possible for ...

CVE-2024-4360

Apr 8, 2026 17:06:52 UTC

The Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's widgets in all versions up to, and including, 5.7...

CVE-2025-14508

Apr 8, 2026 17:06:51 UTC

The MediaCommander – Bring Folders to Media, Posts, and Pages plugin for WordPress is vulnerable to unauthorized data deletion due to a missing capability check on the import-csv REST API endpoint in all versions up to, and including, 2.3.1...

CVE-2024-13385

Apr 8, 2026 17:06:51 UTC

The JSM Screenshot Machine Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'ssm' shortcode in all versions up to, and including, 2.3.0 due to insufficient input sanitization and output escaping o...

CVE-2025-12671

Apr 8, 2026 17:06:51 UTC

The WP-Iconics plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple parameters of the 'wp_iconics' shortcode in all versions up to, and including, 0.0.4 due to insufficient input sanitization and output escaping. T...

CVE-2025-2808

Apr 8, 2026 17:06:51 UTC

The Motors – Car Dealership & Classified Listings Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Phone Number parameter in all versions up to, and including, 1.4.63 due to insufficient input sanitization an...

CVE-2025-9877

Apr 8, 2026 17:06:50 UTC

The Embed Google Datastudio plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'egds' shortcode in all versions up to, and including, 1.0.0 due to insufficient input sanitization and output escaping on user s...