WordPress Media Player Addons for Elementor plugin <= 1.0.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Multiple Widget Fields vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Multiple Widget Fields vulnerability discovered by zer0gh0st in WordPress Plugin Media Player Addons for Elementor – Media Player widget for WP versions = 1.0.5...

CVE-2025-8520 givanz Vvveb Drag-and-Drop Editor editor server-side request forgery

A vulnerability classified as critical was found in givanz Vvveb up to 1.0.5. This vulnerability affects unknown code of the file /vadmin123/?module=editor/editor of the component Drag-and-Drop Editor. The manipulation of the argument url leads to server-side request forgery. The attack can be...

WordPress iLoveIMG Plugin <= 1.0.5 is vulnerable to PHP Object Injection

Software iLoveIMG Type Plugin Vulnerable versions = 1.0.5 Fixed in 1.0.6 OWASP Top 10 A1: Injection Classification PHP Object Injection CVE N/A Patch priority Low CVSS severity Low 6.6 Developer Claim ownership PSID 259c37e12af8 Credits Unknown Required privilege Administrator Published 14...

WordPress Simple Tour Guide Plugin <= 1.0.5 is vulnerable to Cross Site Scripting (XSS)

Software Simple Tour Guide Type Plugin Vulnerable versions = 1.0.5 Fixed in 1.0.6 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-33999 Patch priority High CVSS severity High 7.1 Developer Claim ownership PSID 16c7f68a1d9d Credits Rafie Muhammad Patchstack Required...