CVE-2025-3750 Network Posts Extended <= 7.7.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via post_height Parameter

The Network Posts Extended plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘postheight’ parameter in all versions up to, and including, 7.7.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

CVE-2025-4610 WP-Members <= 3.5.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via wpmem_user_memberships Shortcode

The WP-Members Membership Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's wpmemusermemberships shortcode in all versions up to, and including, 3.5.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it...

CVE-2023-39780

On ASUS RT-AX55 3.0.0.4.386.51598 devices, authenticated attackers can perform OS command injection via the /startapply.htm qosbwrulelist parameter. NOTE: for the similar "token-generated module" issue, see CVE-2023-41345; for the similar "token-refresh module" issue, see CVE-2023-41346; for the...

CVE-2025-4169 Posts per Cat [Unmaintained] <= 1.4.2 - Authenticated (Contributor+) Stored Cross-Site Scripting

The Posts per Cat Unmaintained plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'ppc' shortcode in all versions up to, and including, 1.4.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

CVE-2023-7297

The TwitterPosts WordPress plugin through 1.0.2 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack...

CVE-2025-4591 Weluka Lite <= 1.0.3 - Authenticated (Contributor+) Stored Cross-Site Scripting

The Weluka Lite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'weluka-map' shortcode in all versions up to, and including, 1.0.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...

1 Click WordPress Migration Plugin – 100% FREE for a limited time <= 2.2 - Missing Authorization to Authenticated (Subscriber+) Arbitrary File Upload

Description The 1 Click WordPress Migration Plugin – 100% FREE for a limited time plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'startrestore' function in all versions up to, and including, 2.2. This makes it possible for...

CVE-2024-12120 Royal Elementor Addons and Templates <= 1.7.1017 - Authenticated (Contributor+) Stored Cross-Site Scripting

The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Countdown widget displaymessagetext parameter in all versions up to, and including, 1.7.1017 due to insufficient input sanitization and output escaping. This makes it possible for...

CVE-2025-4055 Multiple Post Type Order <= 1.10.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via mpto Shortcode

The Multiple Post Type Order plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'mpto' shortcode in all versions up to, and including, 1.10.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

CVE-2025-3851 Download Manager and Payment Form WordPress Plugin – WP SmartPay 1.1.0 - 2.7.13 - Authenticated (Subscriber+) Information Exposure

The Download Manager and Payment Form WordPress Plugin – WP SmartPay plugin for WordPress is vulnerable to Insecure Direct Object Reference in versions 1.1.0 to 2.7.13 via the show function due to missing validation on a user controlled key. This makes it possible for authenticated attackers, wit...

PT-2025-20272 · Cisco · Cisco Ios Xe

Name of the Vulnerable Software and Affected Versions: Cisco IOS XE Software affected versions not specified Description: A vulnerability in the CLI of Cisco IOS XE Software could allow an authenticated, local attacker with privilege level 15 to elevate privileges to root on the underlying...

CVE-2025-3610 Reales WP STPT <= 2.1.2 - Authenticated (Subscriber+) Privilege Escalation via Password Update

The Reales WP STPT plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 2.1.2. This is due to the plugin not properly validating a user's identity prior to updating their details like password. This makes it possible for authenticat...

CVE-2025-4279 External image replace <= 1.0.8 - Authenticated (Contributor+) Arbitrary File Upload

The External image replace plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'externalimagereplacegetposts::replacepost' function in all versions up to, and including, 1.0.8. This makes it possible for authenticated attackers, with...

CVE-2024-13859 BuddyBoss Platform <= 2.8.50 - Authenticated (Subscriber+) Stored Cross-Site Scripting via 'bp_nouveau_ajax_media_save' function

The Buddyboss Platform plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘bpnouveauajaxmediasave’ function in all versions up to, and including, 2.8.50 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

CVE-2025-3510 tagDiv Composer <= 5.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Multiple Shortcodes

The tagDiv Composer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple shortcodes in all versions up to, and including, 5.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with...

CVE-2025-3890 WordPress Simple PayPal Shopping Cart <= 5.1.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

The WordPress Simple Shopping Cart plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'wpcartbutton' shortcode in all versions up to, and including, 5.1.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible...

CVE-2025-3521 Team Members – Best WordPress Team Plugin with Team Slider, Team Showcase & Team Builder <= 3.4.1 - Authenticated (Contributor+) Stored Cross-Site Scripting

The Team Members – Best WordPress Team Plugin with Team Slider, Team Showcase & Team Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Social Link icons in all versions up to, and including, 3.4.1 due to insufficient input sanitization and output escaping. This makes i...

CVE-2025-4099 List Children <= 2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

The List Children plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'listchildren' shortcode in all versions up to, and including, 2.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...

CVE-2025-1304 NewsBlogger <= 0.2.5.1 - Authenticated (Subscriber+) Arbitrary File Upload

The NewsBlogger theme for WordPress is vulnerable to arbitrary file uploads due to a missing capability check on the newsbloggerinstallandactivateplugin function in all versions up to, and including, 0.2.5.1. This makes it possible for authenticated attackers, with subscriber-level access and...

CVE-2025-24343

A vulnerability in the “Manages app data” functionality of the web application of ctrlX OS allows a remote authenticated low-privileged attacker to write arbitrary files in arbitrary file system paths via a crafted HTTP request...