CVE-2025-32923

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in GoodLayers Tourmaster tourmaster allows Reflected XSS.This issue affects Tourmaster: from n/a through 5.4.1...

CVE-2025-30984

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Dzynit SEO Tools seo-automatic-seo-tools allows Reflected XSS.This issue affects SEO Tools: from n/a through = 4.0.7...

CVE-2025-30966

Path Traversal vulnerability in NotFound WPJobBoard allows Path Traversal. This issue affects WPJobBoard: from n/a through n/a...

CVE-2025-30970

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in scottwallick Easy Contact easy-contact allows Reflected XSS.This issue affects Easy Contact: from n/a through = 0.1.2...

CVE-2025-27008

Missing Authorization vulnerability in NotFound Unlimited Timeline unlimited-timeline allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Unlimited Timeline: from n/a through 1.6.1...

CVE-2025-26870

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Crocoblock JetEngine jet-engine allows DOM-Based XSS.This issue affects JetEngine: from n/a through = 3.6.4.1...

CVE-2025-22263

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in NotFound Global Gallery allows Reflected XSS. This issue affects Global Gallery: from n/a through 8.8.0...

CVE-2025-32923

CVE-2025-32923 concerns the WordPress plugin Tourmaster (Tour Master – Tour Booking, Travel, Hotel) prior to version 5.4.1. It is a reflected XSS caused by improper input neutralization during web page generation. A fix is available in version 5.4.1 (patched).

CVE-2025-30984

CVE-2025-30984 describes a Reflected XSS in the WordPress SEO Tools (NotFound SEO Tools) plugin, with impact on SEO Tools versions up to 4.0.7. Public references (NVD/CVEs) show a CVSS v3.1 base score of 7.1 (HIGH), attack vector NETWORK, no privileges required, user interaction REQUIRED, and imp...

CVE-2025-30967

CVE-2025-30967 is a CSRF-to-Remote Code Execution flaw in WP Job Board (notFound) affecting WP Job Board versions prior to 5.11.1. The advisory lists a high severity (CVSS 3.1: 9.6, Confidentiality/Integrity/Availability all High). Mitigation: upgrade to WP Job Board 5.11.1 or later, which patche...

CVE-2025-30962

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in fs-code FS Poster fs-poster allows Reflected XSS.This issue affects FS Poster: from n/a through = 6.5.8...

CVE-2025-26894

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Mobeen Abdullah Coming Soon, Maintenance Mode site-mode allows PHP Local File Inclusion.This issue affects Coming Soon, Maintenance Mode: from n/a through = 1.1.1...

CVE-2025-26958

Missing Authorization vulnerability in Crocoblock JetBlog jet-blog allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects JetBlog: from n/a through = 2.4.3...

CVE-2025-26744

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Crocoblock JetBlog jet-blog allows DOM-Based XSS.This issue affects JetBlog: from n/a through = 2.4.3...

CVE-2025-30985

CVE-2025-30985 involves Deserialization of Untrusted Data in the GNUCommerce WordPress plugin, enabling PHP Object Injection. Affected: GNUCommerce versions n/a through 1.5.4. CVSSv3.1 base score 9.8 (CRITICAL). Exploitation status not provided in the connected documents; no remediation details a...

CVE-2025-30962

CVE-2025-30962 – FS Poster (WordPress) Reflected XSS : The vulnerability affects FS Poster versions up to and including 6.5.8. It is caused by improper neutralization of input during web page generation, enabling reflected cross-site scripting. According to the provided sources, the issue has a h...

CVE-2025-26958

CVE-2025-26958 affects the WordPress Crocoblock JetBlog (JetBlog for Elementor) up to version 2.4.3. The issue is a Missing Authorization vulnerability that permits accessing functionality not properly constrained by ACLs. Reported across multiple sources (including Patchstack and CVE registries)...

CVE-2025-26942

CVE-2025-26942 (JetTricks plugin) : Affected Product/Version: Crocoblock JetTricks plugin up to and including 1.5.1. Root cause: Missing/relaxed authorization enabling Accessing Functionality Not Properly Constrained by ACLs. Impact: Missing Authorization vulnerability could allow unauthorized ac...

CVE-2025-26744

CVE-2025-26744 is an authenticated stored XSS vulnerability in JetBlog for Elementor. Affected software is JetBlog up to version 2.4.3 (noted as up to 2.4.3 in sources). Wordfence documentation indicates the issue was addressed with JetBlog 2.4.3 (patched). The connected documents also reference ...

PT-2025-16509 · Unknown · Macro Calculator With Admin Email Optin & Data

Name of the Vulnerable Software and Affected Versions: NotFound Macro Calculator with Admin Email Optin & Data versions n/d through 1.0 Description: The issue concerns exposure of sensitive system information to an unauthorized control sphere. This problem affects the Macro Calculator with Admin...