CVE-2025-31461

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Mayeenul Islam NanoSupport nanosupport allows Reflected XSS.This issue affects NanoSupport: from n/a through = 0.6.0...

CVE-2025-31455

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in ralxz Limit Max IPs Per User limit-max-ips-per-user allows DOM-Based XSS.This issue affects Limit Max IPs Per User: from n/a through = 1.5...

CVE-2025-31445

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Sed Lex Pages Order pages-order allows Reflected XSS.This issue affects Pages Order: from n/a through = 1.1.3...

CVE-2025-31431

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in conlabz GmbH WP Bookmarks wp-bookmarks allows Reflected XSS.This issue affects WP Bookmarks: from n/a through = 1.1...

CVE-2025-30554

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Abhishek Kumar Frizzly frizzly allows Reflected XSS.This issue affects Frizzly: from n/a through = 1.1.0...

CVE-2025-31409

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in NotFound Bridge Core allows Stored XSS. This issue affects Bridge Core: from n/a through n/a...

CVE-2025-30589

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Dourou Flickr set slideshows flickr-set-slideshows allows SQL Injection.This issue affects Flickr set slideshows: from n/a through = 0.9...

CVE-2025-30563

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in makong Tidekey tidekey allows Reflected XSS.This issue affects Tidekey: from n/a through = 1.1...

CVE-2025-30594

Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in samsk Include URL include-url allows Path Traversal.This issue affects Include URL: from n/a through = 0.3.5...

CVE-2025-30594 WordPress Include URL plugin <= 0.3.5 Arbitrary File Download Vulnerability

Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in samsk Include URL include-url allows Path Traversal.This issue affects Include URL: from n/a through = 0.3.5...

CVE-2025-30589

CVE-2025-30589 describes an SQL Injection in Flickr set slideshows for WordPress, due to improper neutralization of SQL elements. Affected: Flickr set slideshows plugin (WordPress); versions from n/a through 0.9. Attack vector: authenticated (Subscriber+) access. Impact per entry: high confidenti...

PT-2025-14079 · Unknown · Notfound Bridge Core

Name of the Vulnerable Software and Affected Versions: NotFound Bridge Core affected versions not specified Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting, which allows Stored XSS. This means that an attacker ca...

PT-2025-14415 · Unknown · Notfound Nanosupport

Name of the Vulnerable Software and Affected Versions: NotFound NanoSupport versions 0.6.0 and earlier Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting, allowing Reflected XSS. This enables potential attackers to...

PT-2025-14413 · Unknown · Notfound Delete Post Revision

Name of the Vulnerable Software and Affected Versions: NotFound Delete Post Revision versions n/a through 1.1 Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting, which allows Reflected XSS. This enables an attacker ...

PT-2025-14037 · Unknown · Notfound Flickr Set Slideshows

Name of the Vulnerable Software and Affected Versions: NotFound Flickr set slideshows versions 0.9 and earlier Description: The issue is related to an SQL Injection vulnerability due to improper neutralization of special elements used in an SQL command. This allows for SQL Injection attacks...

CVE-2025-31043

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Crocoblock JetSearch jet-search allows DOM-Based XSS.This issue affects JetSearch: from n/a through = 3.5.7...

CVE-2025-31016

JetWooBuilder (JetWooBuilder for Elementor)

CVE-2025-22523

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in scheduler Schedule schedule allows Blind SQL Injection.This issue affects Schedule: from n/a through = 1.0.0...

CVE-2025-22360

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in promact WP Azure offload wp-azure-offload allows Reflected XSS.This issue affects WP Azure offload: from n/a through = 2.0...

CVE-2025-22526

Deserialization of Untrusted Data vulnerability in mywebtonet PHP/MySQL CPU performance statistics mywebtonet-performancestats allows Object Injection.This issue affects PHP/MySQL CPU performance statistics: from n/a through = 1.2.1...