
2671 matches found

NVD
added 2025/11/18 8:15 a.m., 2 views

CVE-2025-11265

The VK All in One Expansion Unit plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'vkExUnitctaurl' and 'vkExUnitctabuttontext' parameters in all versions up to, and including, 9.112.1. This is due to a logic error in the CTA save function that reads sanitization callbacks...

CVSS 6.4, EPSS 0.00063
Exploits 0, References 5

Cvelist
added 2025/11/18 7:30 a.m., 6 views

CVE-2025-11265 VK All in One Expansion Unit <= 9.112.1 - Authenticated (Contributor+) Stored Cross-Site Scripting

The VK All in One Expansion Unit plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'vkExUnitctaurl' and 'vkExUnitctabuttontext' parameters in all versions up to, and including, 9.112.1. This is due to a logic error in the CTA save function that reads sanitization callbacks...

CVSS 6.4, EPSS 0.00063
Exploits 0, References 5

Vulnrichment
added 2025/11/18 7:30 a.m., 4 views

CVE-2025-11265 VK All in One Expansion Unit <= 9.112.1 - Authenticated (Contributor+) Stored Cross-Site Scripting

The VK All in One Expansion Unit plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'vkExUnitctaurl' and 'vkExUnitctabuttontext' parameters in all versions up to, and including, 9.112.1. This is due to a logic error in the CTA save function that reads sanitization callbacks...

CVSS 6.4, AI score 4.7, EPSS 0.00063
Exploits 0, References 5

Positive Technologies
added 2025/11/18 12:0 a.m., 3 views

PT-2025-47247

Name of the Vulnerable Software and Affected Versions: VK All in One Expansion Unit plugin for WordPress versions prior to 9.112.1. Description: The software is susceptible to Stored Cross-Site Scripting through the vkExUnit cta url and vkExUnit cta button text parameters. This is caused by a logic...

CVSS 6.4, AI score 5.5, EPSS 0.00063
Exploits 0, References 7

CNVD
added 2025/11/18 12:0 a.m., 2 views

WordPress Save as PDF Button plugin cross-site scripting vulnerability

The WordPress Save as PDF Button plugin is a tool that adds one-click PDF generation functionality to WordPress websites, allowing visitors to save web content (e.g., articles, product pages, etc.) as PDF files with the click of a button. WordPress Save as PDF Button plugin has a cross-site scripti...

CVSS 6.4, AI score 6.2, EPSS 0.00031
Exploits 0, References 1

OSV
added 2025/11/14 12:48 p.m., 2 views

CLSA-2025-1763124505 xorg-x11-server-Xwayland: Fix of CVE-2023-6816

CVE-2023-6816: fix heap buffer overflow in logical button map allocation, allocate sufficient space for maximum button mappings up to 255...

CVSS 9.8, AI score 6.9, EPSS 0.03015
Exploits 0, References 1

RedhatCVE
added 2025/11/14 9:9 a.m., 7 views

CVE-2025-8397

The Save as PDF Button plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's restpackpdfbutton shortcode in all versions up to, and including, 1.9.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

CVSS 6.4, AI score 5, EPSS 0.00031
Exploits 0, References 1

NVD
added 2025/11/13 9:15 a.m., 2 views

CVE-2025-8397

The Save as PDF Button plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's restpackpdfbutton shortcode in all versions up to, and including, 1.9.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

CVSS 6.4, EPSS 0.00031
Exploits 0, References 3

Vulnrichment
added 2025/11/13 8:27 a.m., 3 views

CVE-2025-8397 Save as PDF Button <= 1.9.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via restpackpdfbutton Shortcode

The Save as PDF Button plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's restpackpdfbutton shortcode in all versions up to, and including, 1.9.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

CVSS 6.4, AI score 4.7, EPSS 0.00031
Exploits 0, References 3

CVE
added 2025/11/13 8:27 a.m., 13 views

CVE-2025-8397

The CVE concerns the WordPress plugin Save as PDF Button. All versions up to 1.9.2 are vulnerable to Stored Cross-Site Scripting via the restpackpdfbutton shortcode due to insufficient sanitization/escaping of user attributes. Authenticated attackers with contributor-level access (or higher) can ...

CVSS 6.4, AI score 4.7, EPSS 0.00031
Exploits 0, References 3

Positive Technologies
added 2025/11/13 12:0 a.m., 6 views

PT-2025-46794

Name of the Vulnerable Software and Affected Versions: Save as PDF Button plugin for WordPress versions prior to 1.9.3. Description: The software has a flaw due to insufficient input sanitization and output escaping on user-supplied attributes within the restpackpdfbutton shortcode. This allows...

CVSS 6.4, AI score 6.5, EPSS 0.00031
Exploits 0, References 5

RedhatCVE
added 2025/11/08 12:55 a.m., 6 views

CVE-2025-63638

Sourcecodester AI-Powered To-Do List App v1.0 is vulnerable to Cross-Site Scripting (XSS) in the "Task Title" and "Description Optional" fields when creating a Task, allowing an attacker to inject arbitrary potentially malicious HTML/JavaScript code that executes in the victim's browser upon clicki...

CVSS 6.1, AI score 6.3, EPSS 0.00041
Exploits 1, References 1

OSV
added 2025/11/07 8:15 p.m., 1 view

CVE-2025-63638

Sourcecodester AI-Powered To-Do List App v1.0 is vulnerable to Cross-Site Scripting (XSS) in the "Task Title" and "Description Optional" fields when creating a Task, allowing an attacker to inject arbitrary potentially malicious HTML/JavaScript code that executes in the victim's browser upon clicki...

CVSS 6.1, AI score 6, EPSS 0.00041
Exploits 1, References 2

Patchstack
added 2025/11/07 1:3 a.m., 3 views

WordPress Download Counter Button plugin <= 1.8.6.7 - Unauthenticated Arbitrary File Download vulnerability

Unauthenticated Arbitrary File Download vulnerability discovered by Khaled Alenazi Nxploited in WordPress Plugin Download Counter Button versions <= 1.8.6.7...

CVSS 5.3, AI score 6.8, EPSS 0.0014
Exploits 0, References 1, Affected Software 1

NVD
added 2025/11/05 6:15 a.m., 1 view

CVE-2025-11072

The MelAbu WP Download Counter Button WordPress plugin through 1.8.6.7 does not validate the path of files to be downloaded, which could allow an unauthenticated attacker to read/download arbitrary files...

CVSS 5.3, EPSS 0.0014
Exploits 0, References 1

Vulnrichment
added 2025/11/05 6:0 a.m., 1 view

CVE-2025-11072 Download Counter Button <= 1.8.6.7 - Unauthenticated Arbitrary File Download

The MelAbu WP Download Counter Button WordPress plugin through 1.8.6.7 does not validate the path of files to be downloaded, which could allow an unauthenticated attacker to read/download arbitrary files...

AI score 6.6, EPSS 0.0014
Exploits 0, References 1

Cvelist
added 2025/11/05 6:0 a.m., 4 views

CVE-2025-11072 Download Counter Button <= 1.8.6.7 - Unauthenticated Arbitrary File Download

The MelAbu WP Download Counter Button WordPress plugin through 1.8.6.7 does not validate the path of files to be downloaded, which could allow an unauthenticated attacker to read/download arbitrary files...

EPSS 0.0014
Exploits 0, References 1

CNNVD
added 2025/11/05 12:0 a.m., 2 views

WordPress plugin MelAbu WP Download Counter Button security vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

CVSS 5.3, AI score 5.8, EPSS 0.0014
Exploits 0, References 2

RedhatCVE
added 2025/10/30 1:22 p.m., 3 views

CVE-2025-11587

The Call Now Button – The 1 Click to Call Button for WordPress plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the activate function in all versions up to, and including, 1.5.3. This makes it possible for authenticated attackers, with...

CVSS 4.3, AI score 5, EPSS 0.00034
Exploits 0, References 1

EUVD
added 2025/10/29 3:31 p.m., 4 views

EUVD-2025-36640

The Call Now Button – The 1 Click to Call Button for WordPress plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on multiple functions in all versions up to, and including, 1.5.4. This makes it possible for authenticated attackers, with...

CVSS 4.3, AI score 4.6, EPSS 0.00053
Exploits 0, References 8