CVE-2025-25161
CVE-2025-25161 concerns the WordPress plugin WP Find Your Nearest (v <= 0.3.1). The connected Red Hat and CVE records describe a CSRF to Settings Change vulnerability that can be exploited to modify plugin settings, implying an unauthorized action may be performed by an attacker authenticated ...
CVE-2025-25158
CVE-2025-25158 is a reflected Cross-Site Scripting vulnerability in WordPress Uncomplicated SEO plugin (versions
CVE-2025-25142
CVE-2025-25142 describes a Stored XSS vulnerability in the WordPress WP Less Compiler plugin (versions up to 1.3.0). The issue arises from improper neutralization of input during web page generation, allowing attacker-supplied input to be stored and later reflected in pages. The advisory lists WP...
CVE-2025-25162
The CVE-2025-25162 entry concerns WordPress Sports Rankings and Lists plugin (versions up to 1.0.2; CVE-2025-25162) with an Arbitrary File Download vulnerability via path traversal. Public sources (Wordfence, CVE records) indicate the vulnerability affects Sports Rankings and Lists and is current...
CVE-2025-25129
The CVE-2025-25129 entry relates to a WordPress plugin issue: Callback Request (NotFound Callback Request) vulnerability tracked as CVE-2025-25129, affecting versions <= 1.4. The root cause is improper input neutralization during web page generation, enabling reflected cross-site scripting (XS...
CVE-2025-25137
CVE-2025-25137 refers to a Stored Cross-Site Scripting (XSS) vulnerability in the WordPress Social Links plugin, affecting versions up to 1.0.11. The issue stems from improper input handling during web page generation, enabling stored XSS as described in Red Hat and NVD entries. Publicly availabl...
CVE-2025-25133
CVE-2025-25133 describes a Reflected Cross-Site Scripting vulnerability in the WordPress WP Frontend Submit plugin (affecting versions from n/a through 1.1.0). Technical details in connected sources confirm the issue: improper input handling during web page generation enabling XSS. CVSS v3.1 base...
CVE-2025-25118
CVE-2025-25118 is a Cross-Site Scripting (XSS) vulnerability in the WordPress plugin WPOptin Top Bar – PopUps, affecting versions up to 2.0.8. The issue is an improper neutralization of input during web page generation, yielding a reflected XSS condition. Affected product: WPOptin – AI-Powered To...
CVE-2025-25121
CVE-2025-25121 is linked to the WordPress Theme Options Z plugin and is documented as a Cross-Site Request Forgery (CSRF) vulnerability affecting Theme Options Z versions up to 1.4. The connected sources (Red Hat, NVD, CVE listings) indicate a CSRF issue, with related mentions of possible downstream impa...
CVE-2025-25119
CVE-2025-25119 is a Cross-Site Scripting vulnerability in the WordPress plugin WooCommerce osCommerce Sync (NotFound)
CVE-2025-25109
CVE-2025-25109 affects WP Vehicle Manager
CVE-2025-25112
CVE-2025-25112 affects the WordPress Social Links plugin (vulnerable
CVE-2025-25115
CVE-2025-25115 concerns the WordPress plugin Like dislike plus counter (also listed as Like Dislike Buttons) with a Cross-Site Scripting (XSS) vulnerability that allows stored XSS. The vulnerability affects version
CVE-2025-25084
The CVE-2025-25084 entry concerns the WordPress UniTimetable plugin, affected versions are
CVE-2025-23956 WordPress WP Easy Post Mailer Plugin <= 0.64 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Richard Leishman WP Easy Post Mailer wp-mailer allows Reflected XSS. This issue affects WP Easy Post Mailer: from n/a through <= 0.64...
CVE-2025-25070
CVE-2025-25070 is a stored cross-site scripting (XSS) vulnerability in the WordPress plugin Album Reviewer (NotFound/Album Reviewer) affecting versions up to 2.0.2. The issue arises from improper input neutralization during web page generation, enabling stored XSS. Public details indicate an expl...
CVE-2025-25083
Summary: CVE-2025-25083 affects the WordPress EP4 More Embeds plugin (versions <= 1.0.0). The vulnerability is a Stored Cross-Site Scripting (XSS) caused by improper neutralization of input during web page generation. Affected software: WordPress EP4 More Embeds plugin (
CVE-2025-23945 WordPress Popliup Plugin <= 1.1.1 - Local File Inclusion vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Webliup Popliup popliup allows PHP Local File Inclusion. This issue affects Popliup: from n/a through <= 1.1.1...
CVE-2025-23852 WordPress First Comment Redirect plugin <= 1.0.3 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in robin90 First Comment Redirect first-comment-redirect allows Reflected XSS. This issue affects First Comment Redirect: from n/a through <= 1.0.3...
CVE-2025-23852
CVE-2025-23852 concerns the WordPress First Comment Redirect plugin (versions