920 matches found
CVE-2025-26566
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Frank In Stock Mailer for WooCommerce in-stock-mailer-for-woocommerce allows Reflected XSS.This issue affects In Stock Mailer for WooCommerce: from n/a through = 2.1.1...
CVE-2025-26560
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in KKWangen WP Contact Form III wp-contact-form-iii allows Reflected XSS.This issue affects WP Contact Form III: from n/a through = 1.6.2d...
CVE-2025-26546
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Pixelpro Cookies Pro cookies-pro allows Reflected XSS.This issue affects Cookies Pro: from n/a through = 1.0...
CVE-2025-22566
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in extendyourweb ULTIMATE VIDEO GALLERY ultimate-gallery allows Reflected XSS.This issue affects ULTIMATE VIDEO GALLERY: from n/a through = 1.4...
CVE-2025-22526
Deserialization of Untrusted Data vulnerability in mywebtonet PHP/MySQL CPU performance statistics mywebtonet-performancestats allows Object Injection.This issue affects PHP/MySQL CPU performance statistics: from n/a through = 1.2.1...
CVE-2025-22523
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in scheduler Schedule schedule allows Blind SQL Injection.This issue affects Schedule: from n/a through = 1.0.0...
CVE-2025-22360
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in promact WP Azure offload wp-azure-offload allows Reflected XSS.This issue affects WP Azure offload: from n/a through = 2.0...
CVE-2024-54291
Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in labs64 PluginPass pluginpass-pro-plugintheme-licensing allows Manipulating Web Input to File System Calls.This issue affects PluginPass: from n/a through = 0.9.10...
CVE-2025-22523 WordPress Schedule Plugin <= 1.0.0 - SQL Injection vulnerability
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in scheduler Schedule schedule allows Blind SQL Injection.This issue affects Schedule: from n/a through = 1.0.0...
CVE-2025-22360
CVE-2025-22360 is a reflected XSS in the WP Azure offload plugin (NotFound WP Azure offload) via improper input neutralization in web page generation. Affected: WP Azure offload versions up to 2.0 (no fixed version details provided in the supplied docs). CVSSv3.1 base score 7.1 (HIGH). No explici...
CVE-2024-54291 WordPress PluginPass plugin <= 0.9.10 - Arbitrary File Download/Delete vulnerability
Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in labs64 PluginPass pluginpass-pro-plugintheme-licensing allows Manipulating Web Input to File System Calls.This issue affects PluginPass: from n/a through = 0.9.10...
CVE-2025-28939
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in EuroCizia WP Google Calendar Manager wp-gcalendar allows Blind SQL Injection.This issue affects WP Google Calendar Manager: from n/a through = 2.1...
CVE-2025-28934
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in chaozh Simple Post Series simple-post-series allows Reflected XSS.This issue affects Simple Post Series: from n/a through = 2.4.4...
CVE-2025-28921
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in homejunction SpatialMatch IDX spatialmatch-free-lifestyle-search allows Reflected XSS.This issue affects SpatialMatch IDX: from n/a through = 3.0.9...
CVE-2025-28916
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Rashid Docpro docpro allows PHP Local File Inclusion.This issue affects Docpro: from n/a through = 2.0.1...
CVE-2025-28898
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in WPExperts.io WP Multistore Locator wp-multi-store-locator allows SQL Injection.This issue affects WP Multistore Locator: from n/a through = 2.5.2...
CVE-2025-28903
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in hectorgarrofe Driving Directions ddirections allows Reflected XSS.This issue affects Driving Directions: from n/a through = 1.4.4...
CVE-2025-28917
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in crazyloong Custom Smilies custom-smilies-se allows Stored XSS.This issue affects Custom Smilies: from n/a through = 2.9.2...
CVE-2025-28893
Improper Control of Generation of Code 'Code Injection' vulnerability in Govind Visual Text Editor visual-text-editor allows Remote Code Inclusion.This issue affects Visual Text Editor: from n/a through = 1.2.1...
CVE-2025-28889
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in starblank Custom Product Stickers for Woocommerce custom-product-stickers-for-woocommerce allows Reflected XSS.This issue affects Custom Product Stickers for Woocommerce: from n/a through = 1.9.0...