Category: vulnerabilities
- CVE-2025-14506: Analysis of Stored Cross-Site Scripting in ConvertForce Popup Builder <= 0.0.7 (WordPress Plugin)
  Overview Description (based on CVE.org): The ConvertForce Popup Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Gutenberg block's entrance_animation attribute in all versions up to, and including, 0.0.7. This is due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to…
- CVE-2025-13801: Analysis of Unauthenticated Arbitrary File Read in Yoco Payments <= 3.8.8 (WordPress Plugin)
  Overview Description (based on CVE.org): The Yoco Payments plugin for WordPress contains a path traversal vulnerability affecting all versions up to and including 3.8.8. This issue allows unauthenticated attackers to read arbitrary files from the server filesystem, which may result in the disclosure of sensitive information. Vulnerability Software: Yoco Payments Type: WordPress Plugin Affected Versions:…
- CVE-2025-13820: Analysis of Privilege Escalation in wpDiscuz < 7.6.40 (WordPress Plugin)
  Privilege Escalation Overview: CVE-2025-13820 is a critical vulnerability in the WordPress plugin wpDiscuz in versions prior to 7.6.40 that allows unauthenticated attackers to escalate privileges via the Disqus OAuth integration, resulting in full account takeover on the affected WordPress site. Vulnerability Software: wpDiscuz Type: WordPress Plugin Affected Versions: < 7.6.40 Affected Component: Social Login (Disqus OAuth…