3443 matches found
CVE-2025-14378
The Quick Testimonials plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 2.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permission...
CVE-2025-14378 Quick Testimonials <= 2.1 - Authenticated (Admin+) Stored Cross-Site Scripting
The Quick Testimonials plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 2.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permission...
CVE-2025-14378
CVE-2025-14378 : The WordPress plugin Quick Testimonials (
CVE-2025-14378 Quick Testimonials <= 2.1 - Authenticated (Admin+) Stored Cross-Site Scripting
The Quick Testimonials plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 2.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permission...
CVE-2025-14035
The DebateMaster plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the color options in the plugin settings in all versions up to, and including, 1.0.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
CVE-2025-13975
The Contact Form 7 with ChatWork plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'apitoken' and 'roomid' settings in all versions up to, and including, 1.1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers,...
CVE-2025-4970
The BSK PDF Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 3.7.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Administrator-level access an...
EUVD-2025-203053
The BSK PDF Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 3.7.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Administrator-level access an...
CVE-2025-4970 BSK PDF Manager <= 3.7.1 - Authenticated (Administrator+) Stored Cross-Site Scripting via SVG File Upload
The BSK PDF Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 3.7.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Administrator-level access an...
CVE-2025-4970 BSK PDF Manager <= 3.7.1 - Authenticated (Administrator+) Stored Cross-Site Scripting via SVG File Upload
The BSK PDF Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 3.7.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Administrator-level access an...
CVE-2025-4970
CVE-2025-4970 pertains to the WordPress plugin BSK PDF Manager and describes a Stored Cross-Site Scripting (XSS) via SVG file uploads in all versions up to 3.7.1. The issue arises from insufficient input sanitization and output escaping during SVG handling, allowing an authenticated attacker with...
EUVD-2025-202974
The TWW Protein Calculator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Header' setting in all versions up to, and including, 1.0.24 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-lev...
CVE-2025-14467
The WP Job Portal plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 2.4.4. This is due to the plugin explicitly whitelisting the tag in its WPJOBPORTALALLOWEDTAGS configuration and using insufficient input sanitization when saving job...
CVE-2025-14035
The DebateMaster plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the color options in the plugin settings in all versions up to, and including, 1.0.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
CVE-2025-13975
The Contact Form 7 with ChatWork plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'apitoken' and 'roomid' settings in all versions up to, and including, 1.1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers,...
CVE-2025-13975
CVE-2025-13975: The Contact Form 7 with ChatWork plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the api_token and roomid settings in all versions up to 1.1.0. The issue requires authenticated admin access and affects multisite installs and sites where unfiltered_html is dis...
CVE-2025-13975 Contact Form 7 with ChatWork <= 1.1.0 - Authenticated (Administrator+) Stored Cross-Site Scripting via 'api_token' and 'roomid' Settings
The Contact Form 7 with ChatWork plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'apitoken' and 'roomid' settings in all versions up to, and including, 1.1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers,...
CVE-2025-13975 Contact Form 7 with ChatWork <= 1.1.0 - Authenticated (Administrator+) Stored Cross-Site Scripting via 'api_token' and 'roomid' Settings
The Contact Form 7 with ChatWork plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'apitoken' and 'roomid' settings in all versions up to, and including, 1.1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers,...
CVE-2025-13971
CVE-2025-13971 affects the TWW Protein Calculator WordPress plugin. The vulnerability is a Stored Cross-Site Scripting (XSS) via the Header setting in all versions up to and including 1.0.24, caused by insufficient input sanitization and output escaping. Exploitation requires authenticated admini...
CVE-2025-14035 DebateMaster <= 1.0.0 - Authenticated (Administrator+) Stored Cross-Site Scripting via Color Options via 'debate' Shortcode
The DebateMaster plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the color options in the plugin settings in all versions up to, and including, 1.0.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...