920 matches found
CVE-2025-23945
CVE-2025-23945 affects the WordPress Popliup plugin up to version 1.1.1. The issue is an improper control of filename for include/require in a PHP program, enabling local file inclusion (LFI) through PHP Remote File Inclusion mechanics. The vulnerability stems from the plugin’s handling of includ...
CVE-2025-23904
CVE-2025-23904 concerns the WordPress/Rebrand Fluent Forms plugin (versions
CVE-2025-23881
CVE-2025-23881 concerns the WordPress plugin LJ Custom Menu Links (versions
CVE-2025-23847
CVE-2025-23847 concerns the WordPress Site Launcher plugin (versions up to 0.9.4) where a Reflected XSS flaw arises from improper input neutralization during web page generation . This affects the Site Launcher plugin on WordPress sites and can reflect user-supplied input in a page, enabling pote...
CVE-2025-23850
The CVE-2025-23850 entry describes a Reflected XSS in the WordPress plugin Mojo Under Construction, affecting versions up to 1.1.2. Root cause: improper neutralization of input during web page generation (input handling leading to reflected script execution). Impact is reflected XSS with low to m...
CVE-2025-23753
The CVE-2025-23753 issue concerns the WordPress plugin DN Sitemap Control (NotFound DN Sitemap Control). Affected component: the plugin’s web page generation path that allows input handling leading to a Reflected Cross-Site Scripting (XSS) vulnerability. Root cause: improper neutralization of inp...
CVE-2025-23762
CVE-2025-23762 affects the WordPress plugin DsgnWrks Twitter Importer (versions
CVE-2025-23741
CVE-2025-23741 is a reflected Cross-Site Scripting (XSS) vulnerability in the WordPress plugin Notifications Center . Affected versions are up to and including 1.5.2 . The issue arises from improper neutralization of input during web page generation, enabling reflected XSS. CVSS‑3.1 data shows: A...
CVE-2025-23739
CVE-2025-23739 is a Reflected Cross-Site Scripting vulnerability in the WordPress plugin WP Ultimate Reviews FREE (NotFound) affecting versions up to 1.0.2. The issue results from improper neutralization of input during web page generation. The available documents confirm the vulnerability and im...
CVE-2025-23726
The CVE-2025-23726 entry concerns the WordPress ComparePress plugin (versions up to and including 2.0.8). The root cause is improper input neutralization during web page generation, enabling reflected cross-site scripting (XSS). Affected component: ComparePress plugin input handling; vulnerabilit...
CVE-2025-23740
CVE-2025-23740 describes a reflected Cross-Site Scripting (XSS) vulnerability in the WordPress plugin Easy School Registration (versions up to and including 3.9.8). The root cause is Improper Neutralization of Input During Web Page Generation . Affected software is the WordPress Easy School Regis...
CVE-2025-23736
CVE-2025-23736 concerns the WordPress Form To JSON plugin (versions
CVE-2025-23716
The CVE-2025-23716 entry concerns the WordPress Login Watchdog plugin (versions up to 1.0.4). Affected component: the plugin’s input handling during web page generation, with a root cause described as improper neutralization of input, leading to stored Cross-Site Scripting (XSS). Reported impact ...
CVE-2025-23721
CVE-2025-23721 affects the WordPress Mobigate plugin (versions up to and including 1.0.3). The vulnerability is a Reflected Cross‑Site Scripting (XSS) issue caused by improper input neutralization during web page generation. The provided documents do not specify affected product versions beyond 1...
CVE-2025-23718
CVE-2025-23718 concerns the WordPress Mancx AskMe Widget plugin (versions
CVE-2025-23670
CVE-2025-23670 is a Reflected Cross-Site Scripting vulnerability in the WordPress plugin '4 author cheer up donate' (versions up to 1.3). Affected component is the plugin’s input handling during web page generation, enabling JavaScript execution via reflected payloads. The NVD data lists CVSS v3....
CVE-2025-23637
CVE-2025-23637 affects the WordPress plugin 新淘客WordPress插件 up to version 1.1.2. The root cause is Improper Neutralization of Input During Web Page Generation, yielding Reflected XSS in NotFound 新淘客WordPress插件. Reported details confirm a Reflected XSS vulnerability with CVSSv3.1 base score 7.1 (HI...
CVE-2025-23619
CVE-2025-23619 refers to a reflected Cross-Site Scripting (XSS) vulnerability in the WordPress plugin Catch Duplicate Switcher (versions
CVE-2025-23616
CVE-2025-23616 affects the WordPress Canalplan plugin (versions up to and including 5.31). The issue is an improper neutralization of input during web page generation, causing a reflected Cross-Site Scripting (XSS) vulnerability. Exploitation requires user interaction, and the CVSSv3.1 vector is ...
CVE-2025-23613
WordPress WP Journal plugin