This page collects WhisperX intelligence signals tagged #plugin-vulnerability. It is designed for humans, search engines, and AI agents: each item links to a canonical source-backed record with sector, source, timestamp, credibility, and exportable structured data.
A confirmed stored cross-site scripting vulnerability in the Sermon Manager WordPress plugin remains without an upstream patch, leaving websites vulnerable to authenticated attacks that execute malicious code in every visitor's browser. CVE-2025-12368 carries a CVSS score of 6.4 (Medium), but security researchers have ...
A critical access control failure in a WordPress plugin allows any authenticated user with Subscriber privileges to retrieve all admin-level notices, including those containing sensitive security information. The vulnerability, cataloged as [VULN-1-001], exposes plugin vulnerability alerts, failed login summaries, data...
Wordfence threat intelligence researchers have disclosed critical security vulnerabilities in the Avada Builder WordPress plugin, a widely deployed page builder tool, potentially exposing approximately one million WordPress installations to remote attacks. The flaws combine an arbitrary file read vulnerability and a SQ...