920 matches found
CVE-2025-24744
Missing Authorization vulnerability in NotFound Bridge Core. This issue affects Bridge Core: from n/a through 3.3...
CVE-2025-24653
Missing Authorization vulnerability in NotFound Admin and Site Enhancements ASE Pro allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Admin and Site Enhancements ASE Pro: from n/a through 7.6.1.1...
CVE-2025-23752
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Clifton Griffin CGD Arrange Terms shopp-arrange allows Reflected XSS.This issue affects CGD Arrange Terms: from n/a through = 1.1.3...
CVE-2025-24744
CVE-2025-24744 corresponds to a Missing Authorization (Broken Access) vulnerability in WordPress Bridge Core. The CVE note and Red Hat/Wordfence-related entries consistently describe it as affecting Bridge Core versions up to 3.3. The connected sources confirm the issue is a Missing Authorization...
CVE-2025-24653
CVE-2025-24653 concerns a Missing Authorization vulnerability in WordPress Admin and Site Enhancements (ASE) Pro, classified as a Broken Access Control issue affecting ASE Pro versions up to 7.6.1.1. The CVE entry lists a CVSS v3.1 base score of 4.3 (Medium) with NETWORK attack vector and LOW pri...
CVE-2025-23752
CVE-2025-23752 is a reflected Cross-Site Scripting (XSS) vulnerability in the WordPress plugin CGD Arrange Terms (NotFound CGD Arrange Terms). Affected versions are 1.1.3 and earlier (listed as from n/a through 1.1.3). The root cause is Improper Neutralization of Input During Web Page Generation,...
CVE-2025-22513
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Kyle Phillips Simple Locator simple-locator allows Reflected XSS.This issue affects Simple Locator: from n/a through = 2.0.4...
PT-2025-5556 · Unknown · Notfound Bridge Core
Name of the Vulnerable Software and Affected Versions: NotFound Bridge Core versions n/a through 3.3 Description: The issue is related to a Missing Authorization vulnerability in NotFound Bridge Core. This vulnerability affects the authorization process, potentially allowing unauthorized access...
CVE-2025-23838
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Rally Vincent Bauernregeln bauernregeln allows Reflected XSS.This issue affects Bauernregeln: from n/a through = 1.0.1...
CVE-2025-23837
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in martinjuhasz One Backend Language one-backend-language allows Reflected XSS.This issue affects One Backend Language: from n/a through = 1.0...
CVE-2025-23839
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Asif Shakeel Sticky Button sticky-chat-button allows Stored XSS.This issue affects Sticky Button: from n/a through = 1.0...
CVE-2025-23737
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in thobian Network-Favorites network-favorites allows Reflected XSS.This issue affects Network-Favorites: from n/a through = 1.1...
CVE-2025-23885
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in anildhiman MJ Contact us mj-contact-us allows Reflected XSS.This issue affects MJ Contact us: from n/a through = 5.2.3...
CVE-2025-23621
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in algothemes Causes – Donation Plugin causes allows Reflected XSS.This issue affects Causes – Donation Plugin: from n/a through = 1.0.01...
CVE-2025-23622
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Sabuj Kundu CBX Accounting & Bookkeeping cbxwpsimpleaccounting allows Reflected XSS.This issue affects CBX Accounting & Bookkeeping: from n/a through = 1.3.14...
CVE-2025-23422
Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in moaluko Store Locator store-locator allows PHP Local File Inclusion.This issue affects Store Locator: from n/a through = 3.98.10...
CVE-2025-23885
CVE-2025-23885 refers to a Reflected XSS in the WordPress plugin MJ Contact us (through version 5.2.3). The vulnerability arises from improper neutralization of input during web page generation, enabling attacker-supplied input to be reflected in pages served to users. Public sources in the conne...
CVE-2025-23838
CVE-2025-23838 is a Reflected XSS in the WordPress Bauernregeln plugin NotFound, affecting versions n/a–1.0.1 (per sources from NVD/Red Hat) and publicly documented as a WordPress plugin vulnerability. The linked Red Hat/NVD entries confirm the same description and affected range. The PTSecurity ...
CVE-2025-23737
CVE-2025-23737 describes a Reflected XSS in WordPress Network-Favorites (NotFound Network-Favorites) caused by improper input neutralization during web page generation. Affected products: Network-Favorites up to version 1.1 (as per multiple sources). Impact notes in the CVE context indicate refle...
CVE-2025-23622
CVE-2025-23622 corresponds to a Reflected XSS in the WordPress CBX Accounting & Bookkeeping plugin (versions n/a through 1.3.14). The issue stems from improper input neutralization during web page generation. Public sources (Red Hat and CVE feed) confirm the affected product/version and describe ...