WordPress - CVE CyberSecurity Database News (Page 3)

Feb 26, 2025 WordPress API Exploit

CVE-2024-12434: SureMembers WordPress Plugin Sensitive Information Exposure Vulnerability via REST API

A Sensitive Information Exposure vulnerability has been discovered in the SureMembers plugin for WordPress, with the CVE-2024-12434 designation. This vulnerability exists in all versions up

Feb 25, 2025 WordPress Exploit

CVE-2025-1128: Critical Vulnerability in Everest Forms Plugin for WordPress Allows Arbitrary File Upload, Read, and Deletion

Everest Forms, a popular plugin for WordPress, is designed to allow users to easily create and manage various types of forms including contact forms, quizzes,

Feb 22, 2025 WordPress Exploit PHP

CVE-2025-1510 - Arbitrary Shortcode Execution Vulnerability in Custom Post Type Date Archives Plugin for WordPress

Security researchers have discovered a critical vulnerability in the Custom Post Type Date Archives plugin for WordPress (up to and including version 2.7.1)

Feb 18, 2025 XSS WordPress PHP

CVE-2025-0864: Reflected Cross-Site Scripting vulnerability in Active Products Tables for WooCommerce

The Active Product Tables for WooCommerce plugin is an extremely useful constructor that allows users to create customizable product tables for their WordPress sites. However,

Feb 17, 2025 XSS WordPress Exploit PHP

CVE-2025-23840 – Reflected XSS Vulnerability in WP-NOTCAPTCHA Plugin

Recently, an Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability has been discovered, also known as CVE-2025-23840. This vulnerability exists