cleantalk
Vulnerabilities and Security Researches

Vulnerabilities and security researches forplugin-central plugin-central

Direction: ascending
Jun 07, 2024

Plugin Central # dc94c84bbc7a71287b02b5d483cdf884e1ca2777

CVE, Research URL

dc94c84bbc7a71287b02b5d483cdf884e1ca2777

Home page URL

Security reports for Plugin Central

Application

Plugin Central

Date
Nov 24, 2015
Research Description
Plugin Central [plugin-central] < 2.5.1 (closed) WordPress Central Plugin <= 2.5 - Reflected Cross Site Scripting (XSS) Because of this vulnerability, the attackers can inject arbitrary web script or HTML. Upgrade the plugin.
Affected versions
max 2.5.1.
Status
vulnerable
Apr 26, 2025

Plugin Central # CVE-2025-46439

CVE, Research URL

CVE-2025-46439

Home page URL

Security reports for Plugin Central

Application

Plugin Central

Date
Apr 24, 2025
Research Description
Cross-Site Request Forgery (CSRF) vulnerability in Vladimir Prelovac Plugin Central plugin-central allows Path Traversal.This issue affects Plugin Central: from n/a through <= 2.5.1.
Affected versions
max 2.5.1.
Status
vulnerable
Jun 16, 2026

Plugin Central # 24bfa8d7-70ad-4b8e-90b2-0dac7aac75e7

CVE, Research URL

24bfa8d7-70ad-4b8e-90b2-0dac7aac75e7

Home page URL

Security reports for Plugin Central

Application

Plugin Central

Date
-
Research Description
Plugin Central [plugin-central] < 2.5.1 (closed) Plugin Central &lt;= 2.5 - Authenticated Reflected Cross-Site Scripting (XSS) The Plugin Central WordPress plugin was affected by an Authenticated Reflected Cross-Site Scripting (XSS) security vulnerability.
Affected versions
max 2.5.1.
Status
vulnerable

Plugin Central # 41f6baacade59adc0f9c5ca551dc9f8fa998bf9e

CVE, Research URL

41f6baacade59adc0f9c5ca551dc9f8fa998bf9e

Home page URL

Security reports for Plugin Central

Application

Plugin Central

Date
Nov 24, 2015
Research Description
Plugin Central [plugin-central] < 2.5.1 (closed) Plugin Central < 2.5.1 - Reflected Cross-Site Scripting The Plugin Central plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘file' and 'name' parameters in versions before 2.5.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
Affected versions
max 2.5.1.
Status
vulnerable