920 matches found
CVE-2025-26940
A concrete vulnerability entry: CVE-2025-26940 is a path traversal flaw in the WordPress plugin Pie Register Premium, affecting versions up to 3.8.3.2. The issue is described across multiple connected sources as a path traversal vulnerability that can lead to non-arbitrary file deletion. The root...
CVE-2025-26924
The CVE-2025-26924 entry concerns WordPress Ohio Extra (and related NotFound Ohio Extra) with versions n/a through 3.4.7 affected by an Improper Generation of Code (Code Injection) due to shortcode handling. The vulnerability enables code injection via shortcodes. Public details confirm affected ...
CVE-2025-26555
CVE-2025-26555 concerns WordPress Debug-Bar-Extender with a Reflected XSS in versions
CVE-2025-26554 WordPress WP Discord Post Plugin <= 2.1.0 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Nicola Mustone WP Discord Post wp-discord-post allows Reflected XSS. This issue affects WP Discord Post: from n/a through <= 2.1.0...
CVE-2025-26548
CVE-2025-26548 is a WordPress Random Image Selector plugin vulnerability: Reflected XSS due to improper input neutralization during page generation. Affected versions are up to 2.4; no remediation details are provided in the supplied documents.
CVE-2025-26936
Improper Control of Generation of Code ('Code Injection') vulnerability in FRESHFACE Fresh Framework fresh-framework allows Code Injection. This issue affects Fresh Framework: from n/a through <= 1.70.0...
CVE-2025-26936
CVE-2025-26936 is linked to the WordPress Fresh Framework plugin (versions up to 1.70.0). Multiple connected sources confirm an Unauthenticated Remote Code Execution (RCE) vulnerability arising from improper control/generation of code, enabling code injection by unauthenticated attackers. The iss...
CVE-2025-25115
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Zeshan Abdullah Like dislike plus counter like-dislike-plus-counter allows Stored XSS. This issue affects Like dislike plus counter: from n/a through <= 1.0...
CVE-2025-25137
Cross-Site Request Forgery (CSRF) vulnerability in kareemsultan Social Links social-links allows Stored XSS. This issue affects Social Links: from n/a through <= 1.0.11...
CVE-2025-25131
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in randyjensen RJ Quickcharts rj-quickcharts allows Stored XSS. This issue affects RJ Quickcharts: from n/a through <= 0.6.1...
CVE-2025-25084
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in antrouss UniTimetable unitimetable allows Stored XSS. This issue affects UniTimetable: from n/a through <= 1.1...
CVE-2025-23613
Missing Authorization vulnerability in mediabeta WP Journal wpjournal allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP Journal: from n/a through <= 1.1...
CVE-2025-27274
Path Traversal: '.../...//' vulnerability in axelkeller GPX Viewer gpx-viewer allows Path Traversal. This issue affects GPX Viewer: from n/a through <= 2.2.11...
CVE-2025-25133
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in newbiesup WP Frontend Submit wp-frontend-submit allows Reflected XSS. This issue affects WP Frontend Submit: from n/a through <= 1.1.0...
CVE-2025-25070
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ed atrero Album Reviewer albumreviewer allows Stored XSS. This issue affects Album Reviewer: from n/a through <= 2.0.2...
CVE-2025-25119
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Alejandro Aranda Woocommerce osCommerce Sync woo-oscommerce-sync allows Reflected XSS. This issue affects Woocommerce osCommerce Sync: from n/a through <= 2.0.20...
CVE-2025-25083
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Dave Lavoie EP4 More Embeds ep4-more-embeds allows Stored XSS. This issue affects EP4 More Embeds: from n/a through <= 1.0.0...
CVE-2025-25164
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Yuichiro ABE Meta Accelerator meta-accelerator allows Reflected XSS. This issue affects Meta Accelerator: from n/a through <= 1.0.4...
CVE-2025-25162
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in kutu62 Sports Rankings and Lists sports-rankings-lists allows Absolute Path Traversal. This issue affects Sports Rankings and Lists: from n/a through <= 1.0.2...
CVE-2025-25109
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in JoomSky WP Vehicle Manager js-vehicle-manager allows PHP Local File Inclusion. This issue affects WP Vehicle Manager: from n/a through <= 3.1...