3443 matches found
EUVD-2025-60965
The Fleet Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 2.5.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with editor-level permissions and abov...
EUVD-2025-60953
The Double the Donation – A workplace giving tool to help your fundraising efforts plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 2.0.0 due to insufficient input sanitization and output escaping. This makes it possible fo...
EUVD-2025-60922
The Featured Image plugin for WordPress is vulnerable to Stored Cross-Site Scripting via image metadata in all versions up to, and including, 2.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions an...
CVE-2025-12632
The RandomQuotr plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.0.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and...
CVE-2025-12631
The Squirrels Auto Inventory plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.0.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level...
CVE-2025-12019
The Featured Image plugin for WordPress is vulnerable to Stored Cross-Site Scripting via image metadata in all versions up to, and including, 2.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions an...
CVE-2025-12020
The Double the Donation – A workplace giving tool to help your fundraising efforts plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 3.0.0 due to insufficient input sanitization and output escaping. This makes it possible fo...
CVE-2025-12019 Featured Image <= 2.1 - Authenticated (Admin+) Stored Cross-Site Scripting
The Featured Image plugin for WordPress is vulnerable to Stored Cross-Site Scripting via image metadata in all versions up to, and including, 2.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions an...
CVE-2025-12019
CVE-2025-12019 affects the WordPress Featured Image plugin (versions up to 2.1). It is a Stored XSS via image metadata, requiring an authenticated attacker with administrator+ privileges, and applies to multi-site setups or sites with unfiltered_html disabled. The Wordfence report confirms the vu...
CVE-2025-12019 Featured Image <= 2.1 - Authenticated (Admin+) Stored Cross-Site Scripting
The Featured Image plugin for WordPress is vulnerable to Stored Cross-Site Scripting via image metadata in all versions up to, and including, 2.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions an...
CVE-2025-12631 Squirrels Auto Inventory <= 1.0.3 - Authenticated (Admin+) Stored Cross-Site Scripting
The Squirrels Auto Inventory plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.0.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level...
CVE-2025-12631 Squirrels Auto Inventory <= 1.0.3 - Authenticated (Admin+) Stored Cross-Site Scripting
The Squirrels Auto Inventory plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.0.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level...
CVE-2025-12020 Double the Donation <= 3.0.0 - Authenticated (Admin+) Stored Cross-Site Scripting
The Double the Donation – A workplace giving tool to help your fundraising efforts plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 3.0.0 due to insufficient input sanitization and output escaping. This makes it possible fo...
CVE-2025-12020
The CVE-2025-12020 entry concerns the WordPress plugin Double the Donation. The connected documents provide concrete details: the plugin versions up to and including 2.0.0 are vulnerable to Stored Cross-Site Scripting via admin settings, caused by insufficient input sanitization and output escapi...
CVE-2025-12020 Double the Donation <= 3.0.0 - Authenticated (Admin+) Stored Cross-Site Scripting
The Double the Donation – A workplace giving tool to help your fundraising efforts plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 3.0.0 due to insufficient input sanitization and output escaping. This makes it possible fo...
CVE-2025-12538 Fleet Manager <= 2.5.1 - Authenticated (Editor+) Stored Cross-Site Scripting
The Fleet Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 2.5.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with editor-level permissions and abov...
CVE-2025-12538
CVE-2025-12538 relates to the WordPress plugin Fleet Manager. The vulnerability is a Stored Cross‑Site Scripting (Stored XSS) in admin settings, affecting versions up to and including 2.5.1. Exploitation requires an attacker with at least editor-level permissions and only impacts multisite instal...
CVE-2025-12538 Fleet Manager <= 2.5.1 - Authenticated (Editor+) Stored Cross-Site Scripting
The Fleet Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 2.5.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with editor-level permissions and abov...
CVE-2025-12632 RandomQuotr <= 1.0.4 - Authenticated (Admin+) Stored Cross-Site Scripting
The RandomQuotr plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.0.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and...
CVE-2025-12632 RandomQuotr <= 1.0.4 - Authenticated (Admin+) Stored Cross-Site Scripting
The RandomQuotr plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.0.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and...