“” の検索結果 | WordPress脆弱性情報 WPセキュリティ

脆弱性情報

重大性 4.3

【plugin】『Shield: Blocks Bots, Protects Users, and Prevents Security Breaches』(versions 21.0.9 以下)　Authenticated (Subscriber+) Insecure Direct Object Reference to Disable Google Authenticatorの脆弱性

2026.01.16

カテゴリーなし

脆弱性情報

重大性 4.3

【plugin】『All in One SEO – Powerful SEO Plugin to Boost SEO Rankings & Increase Traffic』(versions 4.9.2 以下)　Missing Authorization to Authenticated (Contributor+) AI Access Token and Credit Disclosureの脆弱性

2026.01.16

カテゴリーなし

脆弱性情報

重大性 5

【plugin】『DK PDF – WordPress PDF Generator』(versions 2.3.0 以下)　Authenticated (Author+) Server-Side Request Forgeryの脆弱性

2026.01.16

カテゴリーなし

脆弱性情報

重大性 5.3

【plugin】『Cost Calculator Builder』(versions 3.6.9 以下)　Missing Authorization to Unauthenticated Payment Status Bypassの脆弱性

2026.01.16

カテゴリーなし

脆弱性情報

重大性 8.8

【plugin】『All-in-One Video Gallery』(versions 4.5.7 以下)　Authenticated (Author+) Arbitrary File Upload via VTT Upload Bypassの脆弱性

2026.01.16

カテゴリーなし

脆弱性情報

重大性 6.5

【plugin】『Awesome Support – WordPress HelpDesk & Support Plugin』(versions 6.3.6 以下)　Missing Authorization to Unauthenticated Role Demotionの脆弱性

2026.01.16

カテゴリーなし

脆弱性情報

重大性 4.3

【plugin】『LEAV Last Email Address Validator』(versions 1.7.1 以下)　Cross-Site Request Forgery to Plugin Settings Updateの脆弱性

2026.01.16

カテゴリーなし

脆弱性情報

重大性 5.3

【plugin】『Rede Itaú for WooCommerce — Payment PIX, Credit Card and Debit』(versions 5.1.2 以下)　Unauthenticated Order Status Manipulationの脆弱性

2026.01.16

カテゴリーなし

脆弱性情報

重大性 6.1

【plugin】『RSS Aggregator – RSS Import, News Feeds, Feed to Post, and Autoblogging』(versions 5.0.10 以下)　Reflected Cross-Site Scripting via classNameの脆弱性

2026.01.16

カテゴリーなし

脆弱性情報

重大性 5.3

【plugin】『Rede Itaú for WooCommerce — Payment PIX, Credit Card and Debit』(versions 5.1.2 以下)　Missing Authorization to Unauthenticated Rede Order Logs Deletionの脆弱性

2026.01.16

カテゴリーなし

脆弱性情報

重大性 8.2

【plugin】『Membership Plugin – Restrict Content』(versions 3.2.16 以下)　Missing Authentication to Insecure Direct Object Reference and Sensitive Information Exposureの脆弱性

2026.01.16

カテゴリーなし

脆弱性情報

重大性 4.3

【plugin】『Booking Calendar』(versions 10.14.11 以下)　Missing Authorization to Sensitive Information Exposureの脆弱性

2026.01.16

カテゴリーなし

脆弱性情報

重大性 5.3

【plugin】『Essential Addons for Elementor – Popular Elementor Templates & Widgets』(versions 6.5.5 以下)　Missing Authorization to Unauthenticated Sensitive Information Exposureの脆弱性

2026.01.16

カテゴリーなし

脆弱性情報

重大性 6.4

【plugin】『Related Posts by Taxonomy』(versions 2.7.6 以下)　Authenticated (Contributor+) Stored Cross-Site Scripting via ‘related_posts_by_tax’ Shortcodeの脆弱性

2026.01.16

カテゴリーなし

脆弱性情報

重大性 7.5

【plugin】『Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin』(versions 1.6.9.9 以下)　Unauthenticated SQL Injection via `order` and `append_where_sql` Parametersの脆弱性

2026.01.15

カテゴリーなし

脆弱性情報

重大性 5.4

【plugin】『WP-Members Membership Plugin』(versions 3.5.4.3 以下)　Authenticated (Subscriber+) Stored Cross-Site Scripting via Multiple Checkbox and Multiple Select User Profile Fieldsの脆弱性

2026.01.15

カテゴリーなし

脆弱性情報

重大性 3.7

【plugin】『Drag and Drop Multiple File Upload for Contact Form 7』(versions 1.3.9.2 以下)　Missing Authorization to Unauthenticated File Deletionの脆弱性

2026.01.15

カテゴリーなし

脆弱性情報

重大性 5.3

【plugin】『PayHere Payment Gateway Plugin for WooCommerce』(versions 2.3.9 以下)　Missing Authorization to Unauthenticated Order Status Modificationの脆弱性

2026.01.14

カテゴリーなし

脆弱性情報

重大性 4.4

【plugin】『Kunze Law』(versions 2.1 以下)　Authenticated (Administrator+) Stored Cross-Site Scriptingの脆弱性

2026.01.14

カテゴリーなし

脆弱性情報

重大性 9.8

【plugin】『News and Blog Designer Bundle』(versions 1.1 以下)　Unauthenticated Local File Inclusionの脆弱性

2026.01.14

カテゴリーなし

脆弱性情報

重大性 5.4

【plugin】『WP-CRM System – Manage Clients and Projects』(versions 3.4.5 以下)　Missing Authorization to Authenticated (Subscriber+) CRM Data Exposure and Task Modificationの脆弱性

2026.01.14

カテゴリーなし

脆弱性情報

重大性 4.3

【plugin】『Stopwords for comments』(versions 1.1 以下)　Missing Authorization to Cross-Site Request Forgeryの脆弱性

2026.01.14

カテゴリーなし

脆弱性情報

重大性 6.4

【plugin】『SpiceForms Form Builder』(versions 1.0 以下)　Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcodeの脆弱性

2026.01.14

カテゴリーなし

脆弱性情報

重大性 5.3

【plugin】『Perfit WooCommerce』(versions 1.0.1 以下)　Missing Authorization to Unauthenticated Arbitrary Plugin Settings Deletionの脆弱性

2026.01.14

カテゴリーなし

脆弱性情報

重大性 7.2

【plugin】『GetContentFromURL』(versions 1.0 以下)　Authenticated (Contributor+) Server-Side Request Forgery via ‘url’ Shortcode Attributeの脆弱性

2026.01.14

カテゴリーなし

脆弱性情報

重大性 4.3

【plugin】『SocialChamp with WordPress』(versions 1.3.3 以下)　Cross-Site Request Forgery to Plugin Settings Updateの脆弱性

2026.01.14

カテゴリーなし

脆弱性情報

重大性 4.4

【plugin】『Gotham Block Extra Light』(versions 1.5.0 以下)　Authenticated (Administrator+) Stored Cross-Site Scripting via Plugin Settingsの脆弱性

2026.01.14

カテゴリーなし

脆弱性情報

重大性 5.3

【plugin】『Float Payment Gateway』(versions 1.1.9 以下)　Improper Authorization to Unauthenticated Order Status Manipulationの脆弱性

2026.01.14

カテゴリーなし

脆弱性情報

重大性 7.2

【plugin】『GeekyBot — Generate AI Content Without Prompt, Chatbot and Lead Generation』(versions 1.1.7 以下)　Unauthenticated Stored Cross-Site Scriptingの脆弱性

2026.01.14

カテゴリーなし

脆弱性情報

重大性 6.5

【plugin】『Gotham Block Extra Light』(versions 1.5.0 以下)　Authenticated (Contributor+) Arbitrary File Read via ‘ghostban’ Shortcodeの脆弱性

2026.01.14

カテゴリーなし

脆弱性情報

重大性 5.3

【plugin】『Aplazo Payment Gateway』(versions 1.4.2 以下)　Missing Authorization to Unauthenticated Order Status Manipulationの脆弱性

2026.01.14

カテゴリーなし

脆弱性情報

重大性 4.4

【plugin】『Electric Studio Download Counter』(versions 2.4 以下)　Authenticated (Administrator+) Stored Cross-Site Scripting via Settings Parametersの脆弱性

2026.01.14

カテゴリーなし

脆弱性情報

重大性 5.3

【plugin】『PDF Resume Parser』(versions 1.0 以下)　Unauthenticated Sensitive Information Disclosure in SMTP Credentialsの脆弱性

2026.01.14

カテゴリーなし

脆弱性情報

重大性 4.4

【plugin】『Short Link』(versions 1.0 以下)　Authenticated (Administrator+) Stored Cross-Site Scripting via Administration Settings Pageの脆弱性

2026.01.14

カテゴリーなし

脆弱性情報

重大性 4.4

【plugin】『Makesweat』(versions 0.1 以下)　Authenticated (Administrator+) Stored Cross-Site Scripting via ‘makesweat_clubid’ Settingの脆弱性

2026.01.14

カテゴリーなし

脆弱性情報

重大性 5.3

【plugin】『Netcash WooCommerce Payment Gateway』(versions 4.1.3 以下)　Missing Authorization to Unauthenticated Order Status Modificationの脆弱性

2026.01.14

カテゴリーなし

脆弱性情報

重大性 4.4

【plugin】『WP Allowed Hosts』(versions 1.0.8 以下)　Authenticated (Administrator+) Stored Cross-Site Scripting via ‘allowed-hosts’ Parameterの脆弱性

2026.01.14

カテゴリーなし

脆弱性情報

重大性 4.3

【plugin】『Crush.pics Image Optimizer – Image Compression and Optimization』(versions 1.8.7 以下)　Missing Authorization to Authenticated (Subscriber+) Plugin Settings Updateの脆弱性

2026.01.14

カテゴリーなし

脆弱性情報

重大性 4.3

【plugin】『Responsive Accordion Slider』(versions 1.2.2 以下)　Missing Authorization to Authenticated (Contributor+) Slider Update via ‘resp_accordion_silder_save_images’の脆弱性

2026.01.14

カテゴリーなし

脆弱性情報

重大性 4.9

【plugin】『Shipping Rates by City for WooCommerce』(versions 1.0.3 以下)　Authenticated (Shop Manager+) SQL Injection via ‘cities’ Parameterの脆弱性

2026.01.14

カテゴリーなし

脆弱性情報

重大性 7.2

【plugin】『AJS Footnotes』(versions 1.0 以下)　Unauthenticated Stored Cross-Site Scriptingの脆弱性

2026.01.14

カテゴリーなし

脆弱性情報

重大性 6.4

【plugin】『SearchWiz』(versions 1.0.0 以下)　Authenticated (Contributor+) Stored Cross-Site Scripting via Post Titleの脆弱性

2026.01.14

カテゴリーなし

脆弱性情報

重大性 4.4

【plugin】『Testimonials Creator』(versions 1.6 – 1.6)　Authenticated (Admin+) Stored Cross-Site Scriptingの脆弱性

2026.01.14

カテゴリーなし

脆弱性情報

重大性 7.2

【plugin】『Name Directory』(versions 1.30.3 以下)　Unauthenticated Stored Cross-Site Scripting via Multiple Parametersの脆弱性

2026.01.14

カテゴリーなし

脆弱性情報

重大性 4.3

【plugin】『Sosh Share Buttons』(versions 1.1.0 以下)　Cross-Site Request Forgeryの脆弱性

2026.01.14

カテゴリーなし

脆弱性情報

重大性 4.4

【plugin】『Real Post Slider Lite』(versions 2.4 以下)　Authenticated (Administrator+) Stored Cross-Site Scripting via Settingsの脆弱性

2026.01.14

カテゴリーなし

脆弱性情報

重大性 9.8

【plugin】『Integration Opvius AI for WooCommerce』(versions 1.3.0 以下)　Unauthenticated Arbitrary File Deletion/Read via Path Traversalの脆弱性

2026.01.14

カテゴリーなし

脆弱性情報

重大性 4.4

【plugin】『LinkedIn SC』(versions 1.1.9 以下)　Authenticated (Administrator+) Stored Cross-Site Scripting via Settings Pageの脆弱性

2026.01.14

カテゴリーなし

脆弱性情報

重大性 4.4

【plugin】『Internal Link Builder』(versions 1.0 以下)　Authenticated (Administrator+) Stored Cross-Site Scripting via Plugin’s Settingsの脆弱性

2026.01.14

カテゴリーなし

脆弱性情報

重大性 5.3

【plugin】『LottieFiles – Lottie block for Gutenberg』(versions 3.0.0 以下)　Unauthenticated Sensitive Information Exposureの脆弱性

2026.01.14

カテゴリーなし

WordPress脆弱性情報

"キーワード指定なし"

【plugin】『Shield: Blocks Bots, Protects Users, and Prevents Security Breaches』(versions 21.0.9 以下) Authenticated (Subscriber+) Insecure Direct Object Reference to Disable Google Authenticatorの脆弱性

【plugin】『All in One SEO – Powerful SEO Plugin to Boost SEO Rankings & Increase Traffic』(versions 4.9.2 以下) Missing Authorization to Authenticated (Contributor+) AI Access Token and Credit Disclosureの脆弱性

【plugin】『DK PDF – WordPress PDF Generator』(versions 2.3.0 以下) Authenticated (Author+) Server-Side Request Forgeryの脆弱性

【plugin】『Cost Calculator Builder』(versions 3.6.9 以下) Missing Authorization to Unauthenticated Payment Status Bypassの脆弱性

【plugin】『All-in-One Video Gallery』(versions 4.5.7 以下) Authenticated (Author+) Arbitrary File Upload via VTT Upload Bypassの脆弱性

【plugin】『Awesome Support – WordPress HelpDesk & Support Plugin』(versions 6.3.6 以下) Missing Authorization to Unauthenticated Role Demotionの脆弱性

【plugin】『LEAV Last Email Address Validator』(versions 1.7.1 以下) Cross-Site Request Forgery to Plugin Settings Updateの脆弱性

【plugin】『Rede Itaú for WooCommerce — Payment PIX, Credit Card and Debit』(versions 5.1.2 以下) Unauthenticated Order Status Manipulationの脆弱性

【plugin】『RSS Aggregator – RSS Import, News Feeds, Feed to Post, and Autoblogging』(versions 5.0.10 以下) Reflected Cross-Site Scripting via classNameの脆弱性

【plugin】『Rede Itaú for WooCommerce — Payment PIX, Credit Card and Debit』(versions 5.1.2 以下) Missing Authorization to Unauthenticated Rede Order Logs Deletionの脆弱性

【plugin】『Membership Plugin – Restrict Content』(versions 3.2.16 以下) Missing Authentication to Insecure Direct Object Reference and Sensitive Information Exposureの脆弱性

【plugin】『Booking Calendar』(versions 10.14.11 以下) Missing Authorization to Sensitive Information Exposureの脆弱性

【plugin】『Essential Addons for Elementor – Popular Elementor Templates & Widgets』(versions 6.5.5 以下) Missing Authorization to Unauthenticated Sensitive Information Exposureの脆弱性

【plugin】『Related Posts by Taxonomy』(versions 2.7.6 以下) Authenticated (Contributor+) Stored Cross-Site Scripting via ‘related_posts_by_tax’ Shortcodeの脆弱性

【plugin】『Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin』(versions 1.6.9.9 以下) Unauthenticated SQL Injection via `order` and `append_where_sql` Parametersの脆弱性

【plugin】『WP-Members Membership Plugin』(versions 3.5.4.3 以下) Authenticated (Subscriber+) Stored Cross-Site Scripting via Multiple Checkbox and Multiple Select User Profile Fieldsの脆弱性

【plugin】『Drag and Drop Multiple File Upload for Contact Form 7』(versions 1.3.9.2 以下) Missing Authorization to Unauthenticated File Deletionの脆弱性

【plugin】『PayHere Payment Gateway Plugin for WooCommerce』(versions 2.3.9 以下) Missing Authorization to Unauthenticated Order Status Modificationの脆弱性

【plugin】『Kunze Law』(versions 2.1 以下) Authenticated (Administrator+) Stored Cross-Site Scriptingの脆弱性

【plugin】『News and Blog Designer Bundle』(versions 1.1 以下) Unauthenticated Local File Inclusionの脆弱性

【plugin】『WP-CRM System – Manage Clients and Projects』(versions 3.4.5 以下) Missing Authorization to Authenticated (Subscriber+) CRM Data Exposure and Task Modificationの脆弱性

【plugin】『Stopwords for comments』(versions 1.1 以下) Missing Authorization to Cross-Site Request Forgeryの脆弱性

【plugin】『SpiceForms Form Builder』(versions 1.0 以下) Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcodeの脆弱性

【plugin】『Perfit WooCommerce』(versions 1.0.1 以下) Missing Authorization to Unauthenticated Arbitrary Plugin Settings Deletionの脆弱性

【plugin】『GetContentFromURL』(versions 1.0 以下) Authenticated (Contributor+) Server-Side Request Forgery via ‘url’ Shortcode Attributeの脆弱性

【plugin】『SocialChamp with WordPress』(versions 1.3.3 以下) Cross-Site Request Forgery to Plugin Settings Updateの脆弱性

【plugin】『Gotham Block Extra Light』(versions 1.5.0 以下) Authenticated (Administrator+) Stored Cross-Site Scripting via Plugin Settingsの脆弱性

【plugin】『Float Payment Gateway』(versions 1.1.9 以下) Improper Authorization to Unauthenticated Order Status Manipulationの脆弱性

【plugin】『GeekyBot — Generate AI Content Without Prompt, Chatbot and Lead Generation』(versions 1.1.7 以下) Unauthenticated Stored Cross-Site Scriptingの脆弱性

【plugin】『Gotham Block Extra Light』(versions 1.5.0 以下) Authenticated (Contributor+) Arbitrary File Read via ‘ghostban’ Shortcodeの脆弱性

【plugin】『Aplazo Payment Gateway』(versions 1.4.2 以下) Missing Authorization to Unauthenticated Order Status Manipulationの脆弱性

【plugin】『Electric Studio Download Counter』(versions 2.4 以下) Authenticated (Administrator+) Stored Cross-Site Scripting via Settings Parametersの脆弱性

【plugin】『PDF Resume Parser』(versions 1.0 以下) Unauthenticated Sensitive Information Disclosure in SMTP Credentialsの脆弱性

【plugin】『Short Link』(versions 1.0 以下) Authenticated (Administrator+) Stored Cross-Site Scripting via Administration Settings Pageの脆弱性

【plugin】『Makesweat』(versions 0.1 以下) Authenticated (Administrator+) Stored Cross-Site Scripting via ‘makesweat_clubid’ Settingの脆弱性

【plugin】『Netcash WooCommerce Payment Gateway』(versions 4.1.3 以下) Missing Authorization to Unauthenticated Order Status Modificationの脆弱性

【plugin】『WP Allowed Hosts』(versions 1.0.8 以下) Authenticated (Administrator+) Stored Cross-Site Scripting via ‘allowed-hosts’ Parameterの脆弱性

【plugin】『Crush.pics Image Optimizer – Image Compression and Optimization』(versions 1.8.7 以下) Missing Authorization to Authenticated (Subscriber+) Plugin Settings Updateの脆弱性

【plugin】『Responsive Accordion Slider』(versions 1.2.2 以下) Missing Authorization to Authenticated (Contributor+) Slider Update via ‘resp_accordion_silder_save_images’の脆弱性

【plugin】『Shipping Rates by City for WooCommerce』(versions 1.0.3 以下) Authenticated (Shop Manager+) SQL Injection via ‘cities’ Parameterの脆弱性

【plugin】『AJS Footnotes』(versions 1.0 以下) Unauthenticated Stored Cross-Site Scriptingの脆弱性

【plugin】『SearchWiz』(versions 1.0.0 以下) Authenticated (Contributor+) Stored Cross-Site Scripting via Post Titleの脆弱性

【plugin】『Testimonials Creator』(versions 1.6 – 1.6) Authenticated (Admin+) Stored Cross-Site Scriptingの脆弱性

【plugin】『Name Directory』(versions 1.30.3 以下) Unauthenticated Stored Cross-Site Scripting via Multiple Parametersの脆弱性

【plugin】『Sosh Share Buttons』(versions 1.1.0 以下) Cross-Site Request Forgeryの脆弱性

【plugin】『Real Post Slider Lite』(versions 2.4 以下) Authenticated (Administrator+) Stored Cross-Site Scripting via Settingsの脆弱性

【plugin】『Integration Opvius AI for WooCommerce』(versions 1.3.0 以下) Unauthenticated Arbitrary File Deletion/Read via Path Traversalの脆弱性

【plugin】『LinkedIn SC』(versions 1.1.9 以下) Authenticated (Administrator+) Stored Cross-Site Scripting via Settings Pageの脆弱性

【plugin】『Internal Link Builder』(versions 1.0 以下) Authenticated (Administrator+) Stored Cross-Site Scripting via Plugin’s Settingsの脆弱性

【plugin】『LottieFiles – Lottie block for Gutenberg』(versions 3.0.0 以下) Unauthenticated Sensitive Information Exposureの脆弱性

【plugin】『Shield: Blocks Bots, Protects Users, and Prevents Security Breaches』(versions 21.0.9 以下)　Authenticated (Subscriber+) Insecure Direct Object Reference to Disable Google Authenticatorの脆弱性

【plugin】『All in One SEO – Powerful SEO Plugin to Boost SEO Rankings & Increase Traffic』(versions 4.9.2 以下)　Missing Authorization to Authenticated (Contributor+) AI Access Token and Credit Disclosureの脆弱性

【plugin】『DK PDF – WordPress PDF Generator』(versions 2.3.0 以下)　Authenticated (Author+) Server-Side Request Forgeryの脆弱性

【plugin】『Cost Calculator Builder』(versions 3.6.9 以下)　Missing Authorization to Unauthenticated Payment Status Bypassの脆弱性

【plugin】『All-in-One Video Gallery』(versions 4.5.7 以下)　Authenticated (Author+) Arbitrary File Upload via VTT Upload Bypassの脆弱性

【plugin】『Awesome Support – WordPress HelpDesk & Support Plugin』(versions 6.3.6 以下)　Missing Authorization to Unauthenticated Role Demotionの脆弱性

【plugin】『LEAV Last Email Address Validator』(versions 1.7.1 以下)　Cross-Site Request Forgery to Plugin Settings Updateの脆弱性

【plugin】『Rede Itaú for WooCommerce — Payment PIX, Credit Card and Debit』(versions 5.1.2 以下)　Unauthenticated Order Status Manipulationの脆弱性

【plugin】『RSS Aggregator – RSS Import, News Feeds, Feed to Post, and Autoblogging』(versions 5.0.10 以下)　Reflected Cross-Site Scripting via classNameの脆弱性

【plugin】『Rede Itaú for WooCommerce — Payment PIX, Credit Card and Debit』(versions 5.1.2 以下)　Missing Authorization to Unauthenticated Rede Order Logs Deletionの脆弱性

【plugin】『Membership Plugin – Restrict Content』(versions 3.2.16 以下)　Missing Authentication to Insecure Direct Object Reference and Sensitive Information Exposureの脆弱性

【plugin】『Booking Calendar』(versions 10.14.11 以下)　Missing Authorization to Sensitive Information Exposureの脆弱性

【plugin】『Essential Addons for Elementor – Popular Elementor Templates & Widgets』(versions 6.5.5 以下)　Missing Authorization to Unauthenticated Sensitive Information Exposureの脆弱性

【plugin】『Related Posts by Taxonomy』(versions 2.7.6 以下)　Authenticated (Contributor+) Stored Cross-Site Scripting via ‘related_posts_by_tax’ Shortcodeの脆弱性

【plugin】『Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin』(versions 1.6.9.9 以下)　Unauthenticated SQL Injection via `order` and `append_where_sql` Parametersの脆弱性

【plugin】『WP-Members Membership Plugin』(versions 3.5.4.3 以下)　Authenticated (Subscriber+) Stored Cross-Site Scripting via Multiple Checkbox and Multiple Select User Profile Fieldsの脆弱性

【plugin】『Drag and Drop Multiple File Upload for Contact Form 7』(versions 1.3.9.2 以下)　Missing Authorization to Unauthenticated File Deletionの脆弱性

【plugin】『PayHere Payment Gateway Plugin for WooCommerce』(versions 2.3.9 以下)　Missing Authorization to Unauthenticated Order Status Modificationの脆弱性

【plugin】『Kunze Law』(versions 2.1 以下)　Authenticated (Administrator+) Stored Cross-Site Scriptingの脆弱性

【plugin】『News and Blog Designer Bundle』(versions 1.1 以下)　Unauthenticated Local File Inclusionの脆弱性

【plugin】『WP-CRM System – Manage Clients and Projects』(versions 3.4.5 以下)　Missing Authorization to Authenticated (Subscriber+) CRM Data Exposure and Task Modificationの脆弱性

【plugin】『Stopwords for comments』(versions 1.1 以下)　Missing Authorization to Cross-Site Request Forgeryの脆弱性

【plugin】『SpiceForms Form Builder』(versions 1.0 以下)　Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcodeの脆弱性

【plugin】『Perfit WooCommerce』(versions 1.0.1 以下)　Missing Authorization to Unauthenticated Arbitrary Plugin Settings Deletionの脆弱性

【plugin】『GetContentFromURL』(versions 1.0 以下)　Authenticated (Contributor+) Server-Side Request Forgery via ‘url’ Shortcode Attributeの脆弱性

【plugin】『SocialChamp with WordPress』(versions 1.3.3 以下)　Cross-Site Request Forgery to Plugin Settings Updateの脆弱性

【plugin】『Gotham Block Extra Light』(versions 1.5.0 以下)　Authenticated (Administrator+) Stored Cross-Site Scripting via Plugin Settingsの脆弱性

【plugin】『Float Payment Gateway』(versions 1.1.9 以下)　Improper Authorization to Unauthenticated Order Status Manipulationの脆弱性

【plugin】『GeekyBot — Generate AI Content Without Prompt, Chatbot and Lead Generation』(versions 1.1.7 以下)　Unauthenticated Stored Cross-Site Scriptingの脆弱性

【plugin】『Gotham Block Extra Light』(versions 1.5.0 以下)　Authenticated (Contributor+) Arbitrary File Read via ‘ghostban’ Shortcodeの脆弱性

【plugin】『Aplazo Payment Gateway』(versions 1.4.2 以下)　Missing Authorization to Unauthenticated Order Status Manipulationの脆弱性

【plugin】『Electric Studio Download Counter』(versions 2.4 以下)　Authenticated (Administrator+) Stored Cross-Site Scripting via Settings Parametersの脆弱性

【plugin】『PDF Resume Parser』(versions 1.0 以下)　Unauthenticated Sensitive Information Disclosure in SMTP Credentialsの脆弱性

【plugin】『Short Link』(versions 1.0 以下)　Authenticated (Administrator+) Stored Cross-Site Scripting via Administration Settings Pageの脆弱性

【plugin】『Makesweat』(versions 0.1 以下)　Authenticated (Administrator+) Stored Cross-Site Scripting via ‘makesweat_clubid’ Settingの脆弱性

【plugin】『Netcash WooCommerce Payment Gateway』(versions 4.1.3 以下)　Missing Authorization to Unauthenticated Order Status Modificationの脆弱性

【plugin】『WP Allowed Hosts』(versions 1.0.8 以下)　Authenticated (Administrator+) Stored Cross-Site Scripting via ‘allowed-hosts’ Parameterの脆弱性

【plugin】『Crush.pics Image Optimizer – Image Compression and Optimization』(versions 1.8.7 以下)　Missing Authorization to Authenticated (Subscriber+) Plugin Settings Updateの脆弱性

【plugin】『Responsive Accordion Slider』(versions 1.2.2 以下)　Missing Authorization to Authenticated (Contributor+) Slider Update via ‘resp_accordion_silder_save_images’の脆弱性

【plugin】『Shipping Rates by City for WooCommerce』(versions 1.0.3 以下)　Authenticated (Shop Manager+) SQL Injection via ‘cities’ Parameterの脆弱性

【plugin】『AJS Footnotes』(versions 1.0 以下)　Unauthenticated Stored Cross-Site Scriptingの脆弱性

【plugin】『SearchWiz』(versions 1.0.0 以下)　Authenticated (Contributor+) Stored Cross-Site Scripting via Post Titleの脆弱性

【plugin】『Testimonials Creator』(versions 1.6 – 1.6)　Authenticated (Admin+) Stored Cross-Site Scriptingの脆弱性

【plugin】『Name Directory』(versions 1.30.3 以下)　Unauthenticated Stored Cross-Site Scripting via Multiple Parametersの脆弱性

【plugin】『Sosh Share Buttons』(versions 1.1.0 以下)　Cross-Site Request Forgeryの脆弱性

【plugin】『Real Post Slider Lite』(versions 2.4 以下)　Authenticated (Administrator+) Stored Cross-Site Scripting via Settingsの脆弱性

【plugin】『Integration Opvius AI for WooCommerce』(versions 1.3.0 以下)　Unauthenticated Arbitrary File Deletion/Read via Path Traversalの脆弱性

【plugin】『LinkedIn SC』(versions 1.1.9 以下)　Authenticated (Administrator+) Stored Cross-Site Scripting via Settings Pageの脆弱性

【plugin】『Internal Link Builder』(versions 1.0 以下)　Authenticated (Administrator+) Stored Cross-Site Scripting via Plugin’s Settingsの脆弱性

【plugin】『LottieFiles – Lottie block for Gutenberg』(versions 3.0.0 以下)　Unauthenticated Sensitive Information Exposureの脆弱性