#wordpress

Authenticated (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Liam Gladdy / Thirty8 Digital Culture Object plugin <= 4.0.1 at WordPress.

Unauthenticated Event Deletion vulnerability in Totalsoft Event Calendar – Calendar plugin <= 1.4.6 at WordPress.

Server-Side Request Forgery (SSRF) vulnerability in Rank Math SEO plugin <= 1.0.95 at WordPress.

Multiple Cross-Site Request Forgery (CSRF) vulnerabilities in All in One SEO plugin <= 4.2.3.1 at WordPress.

Multiple Cross-Site Request Forgery (CSRF) vulnerabilities in All in One SEO plugin <= 4.2.3.1 at WordPress.

Authenticated (subscriber+) Plugin Setting change vulnerability in WP Shamsi plugin <= 4.1.1 at WordPress.

A zero-day flaw in a WordPress plugin called BackupBuddy is being actively exploited, WordPress security company Wordfence has disclosed. "This vulnerability makes it possible for unauthenticated users to download arbitrary files from the affected site which can include sensitive information," it said. BackupBuddy allows users to back up their entire WordPress installation from within the

Site backup plugin developer issues patch following reports of millions of exploit attempts

WordPress BackupBuddy plugin versions 8.5.8.0 through 8.7.4.1 suffer from an arbitrary file read and download vulnerability.

Missing Access Control vulnerability in PHP Crafts Accommodation System plugin <= 1.0.1 at WordPress.