920 matches found
CVE-2025-23422
CVE-2025-23422 (WordPress Store Locator) A path traversal vulnerability in the NotFound Store Locator plugin (WordPress) allows PHP Local File Inclusion. Affected: Store Locator versions up to 3.98.10 (and possibly listed as NotFound Store Locator). Root cause: improper restriction of pathnames t...
PT-2025-5171 · Unknown · Notfound Custom Page Extensions
Name of the Vulnerable Software and Affected Versions: NotFound Custom Page Extensions versions 0.6 and earlier. Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting, which allows Reflected XSS. This enables attackers ...
PT-2025-5136 · Unknown · Notfound Sticky Button
Name of the Vulnerable Software and Affected Versions: NotFound Sticky Button versions n/a through 1.0. Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as 'Cross-site Scripting', which allows Stored XSS. This means that an attacker can...
PT-2025-5135 · Unknown · Notfound Bauernregeln
Name of the Vulnerable Software and Affected Versions: NotFound Bauernregeln versions 1.0.1 and below. Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as 'Cross-site Scripting', which allows Reflected XSS. This means that an attacker can...
PT-2025-4869 · Unknown · Notfound Store Locator
Name of the Vulnerable Software and Affected Versions: NotFound Store Locator versions 3.98.10 and earlier. Description: The issue is related to an Improper Limitation of a Pathname to a Restricted Directory, also known as 'Path Traversal', which allows PHP Local File Inclusion. This can potential...
PT-2025-5059 · Unknown · Notfound Network-Favorites
Name of the Vulnerable Software and Affected Versions: NotFound Network-Favorites versions 1.1 and earlier. Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting, which allows Reflected XSS. This enables attackers to...
CVE-2025-23834
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in RaminMT Links/Problem Reporter report-broken-links allows Reflected XSS. This issue affects Links/Problem Reporter: from n/a through <= 2.6.0...
CVE-2025-23835
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in jmraya Legal + legal-plus allows Reflected XSS. This issue affects Legal +: from n/a through <= 1.0...
CVE-2025-23727
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in antonzaroutski AZ Content Finder az-content-finder allows Reflected XSS. This issue affects AZ Content Finder: from n/a through <= 0.1...
CVE-2025-23730
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in flx0 FLX Dashboard Groups flx-dashboard-groups allows Reflected XSS. This issue affects FLX Dashboard Groups: from n/a through <= 0.0.7...
CVE-2025-23835 WordPress Legal + Plugin <= 1.0 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in jmraya Legal + legal-plus allows Reflected XSS. This issue affects Legal +: from n/a through <= 1.0...
CVE-2025-23834
CVE-2025-23834: Reflected XSS in the WordPress plugin Links/Problem Reporter (report-broken-links). Affected: the 'Links/Problem Reporter' plugin for WordPress, versions up to 2.6.0 (inclusive). Root cause: improper neutralization of input durin...
PT-2025-5131 · Unknown · Notfound Links/Problem Reporter
Name of the Vulnerable Software and Affected Versions: NotFound Links/Problem Reporter versions prior to 2.6.0. Description: The issue is related to improper neutralization of input during web page generation, also known as 'Cross-site Scripting', which allows Reflected XSS. This enables attackers...
PT-2025-5132 · Unknown · Notfound Legal
Name of the Vulnerable Software and Affected Versions: NotFound Legal + versions n/a through 1.0. Description: The issue is related to improper neutralization of input during web page generation, which allows for reflected cross-site scripting (XSS). This enables attackers to inject malicious script...
PT-2025-4990 · Unknown · Notfound Youtube Video Grid
Name of the Vulnerable Software and Affected Versions: NotFound Youtube Video Grid versions 1.9 and earlier. Description: The issue is related to improper neutralization of input during web page generation, which allows for reflected cross-site scripting (XSS). This means an attacker can inject...
CVE-2025-23914
Deserialization of Untrusted Data vulnerability in muzaara Muzaara Google Ads Report muzaara-adwords-optimize-dashboard allows Object Injection. This issue affects Muzaara Google Ads Report: from n/a through <= 3.1...
CVE-2025-23910
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in keighl Menus Plus+ menus-plus allows SQL Injection. This issue affects Menus Plus+: from n/a through <= 1.9.6...
CVE-2025-23931
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Oliver Fuhrmann WordPress Local SEO dh-local-seo allows Blind SQL Injection. This issue affects WordPress Local SEO: from n/a through <= 2.3...
CVE-2025-23921
Unrestricted Upload of File with Dangerous Type vulnerability in sh1zen Multi Uploader for Gravity Forms gf-multi-uploader allows Upload a Web Shell to a Web Server. This issue affects Multi Uploader for Gravity Forms: from n/a through <= 1.1.3...
CVE-2025-23938
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in CRUDLab Image Gallery Box by CRUDLab image-gallery-box-by-crudlab allows PHP Local File Inclusion. This issue affects Image Gallery Box by CRUDLab: from n/a through <= 1.0.3...