CVE-2025-23728 WordPress AuMenu plugin <= 1.1.5 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in atelierhyper AuMenu aumenu allows Reflected XSS.This issue affects AuMenu: from n/a through = 1.1.5...

CVE-2025-23728

CVE-2025-23728 pertains to the WordPress AuMenu plugin (versions

CVE-2025-23666

CVE-2025-23666 is a Reflected Cross-Site Scripting vulnerability in the WordPress plugin Management-screen-droptiles (affected versions: from n/a through 1.0). Root cause: Improper neutralization of input during web page generation . Public references in the provided documents consistently identi...

CVE-2025-23638

CVE-2025-23638 is a Reflected Cross-Site Scripting (XSS) vulnerability in the WordPress plugin Frontend Post Submission (notFound frontend post submission), affecting versions from n/a up to and including 1.0. It is a NotFound variant noted in initial records and is classified as High severity (C...

CVE-2025-23546

CVE-2025-23546 describes a Reflected Cross-Site Scripting vulnerability in the WordPress plugin RDP inGroups+ (NotFound RDP inGroups+) affecting versions up to 1.0.6. The issue arises from improper input neutralization during web page generation, enabling reflected XSS. CVSS 3.1 vector shows: AV:...

CVE-2025-23459

CVE-2025-23459: Reflected Cross-Site Scripting in WordPress NS Simple Intro Loader (NotFound NS Simple Intro Loader)

CVE-2025-23460

CVE-2025-23460 affects the WordPress plugin RWS Enquiry And Lead Follow-up (NotFound) up to version 1.0 . The vulnerability is a Reflected Cross-Site Scripting (XSS) due to improper neutralization of input during web page generation. The description and metrics provided indicate a CVSS 3.1 base s...

CVE-2025-26924

Improper Control of Generation of Code 'Code Injection' vulnerability in colabrio Ohio Extra ohio-extra allows Code Injection.This issue affects Ohio Extra: from n/a through = 3.4.7...

CVE-2025-26554

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Nicola Mustone WP Discord Post wp-discord-post allows Reflected XSS.This issue affects WP Discord Post: from n/a through = 2.1.0...

CVE-2025-26972

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in NotFound PrivateContent. This issue affects PrivateContent: from n/a through 8.11.5...

CVE-2025-26548

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in kdmurray Random Image Selector random-image-selector allows Reflected XSS.This issue affects Random Image Selector: from n/a through = 2.4...

CVE-2025-26555

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Thorsten Ott Debug-Bar-Extender debug-bar-extender allows Reflected XSS.This issue affects Debug-Bar-Extender: from n/a through = 0.5...

CVE-2025-26972

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in NotFound PrivateContent. This issue affects PrivateContent: from n/a through 8.11.5...

CVE-2025-26978

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in fs-code FS Poster fs-poster.This issue affects FS Poster: from n/a through = 6.5.8...

CVE-2025-26924

Improper Control of Generation of Code 'Code Injection' vulnerability in colabrio Ohio Extra ohio-extra allows Code Injection.This issue affects Ohio Extra: from n/a through = 3.4.7...

CVE-2025-26940

Path Traversal vulnerability in NotFound Pie Register Premium. This issue affects Pie Register Premium: from n/a through 3.8.3.2...

CVE-2025-26548

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in kdmurray Random Image Selector random-image-selector allows Reflected XSS.This issue affects Random Image Selector: from n/a through = 2.4...

CVE-2025-26972

CVE-2025-26972 concerns the WordPress PrivateContent plugin (

CVE-2025-26978

CVE-2025-26978 : A SQL Injection in the WordPress FS Poster plugin affects versions up to 6.5.8. The root cause is improper neutralization of special elements in SQL commands. The vulnerability impacts confidentiality (high), and availability (low) but not integrity according to the provided metr...

CVE-2025-26961

CVE-2025-26961 affects the WordPress plugin “Fresh Framework” (versions up to 1.70.0). The issue is a Missing Authorization vulnerability that allows accessing functionality not properly constrained by ACLs due to inadequate authorization checks. The CVE describes unauthenticated access with high...