PT-2025-4985 · Unknown · Gordon French Comment-Emailer

Name of the Vulnerable Software and Affected Versions: Gordon French Comment-Emailer versions 1.0.5 and earlier Description: The issue is a Cross-Site Request Forgery CSRF vulnerability that allows Stored XSS. This means an attacker can trick a user into performing unintended actions on a web...

PT-2025-4681 · Olaf Lederer · Wp Ajax Contact Form

Name of the Vulnerable Software and Affected Versions: Olaf Lederer Ajax Contact Form versions 1.2.5.1 and earlier Description: The issue is related to improper neutralization of input during web page generation, also known as 'Cross-site Scripting', which allows stored XSS. This means an attacke...

CVE-2024-13323

The WP Booking Calendar plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'booking' shortcode in all versions up to, and including, 10.9.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

PT-2025-4599 · Wegia · Wegia

Name of the Vulnerable Software and Affected Versions: WeGIA versions prior to 3.2.6 Description: A Stored Cross-Site Scripting XSS vulnerability was identified in the informacao adicional.php endpoint of the WeGIA application. This vulnerability allows attackers to inject malicious scripts into...

PT-2025-4600 · Wegia · Wegia

Name of the Vulnerable Software and Affected Versions: WeGIA versions prior to 3.2.6 Description: A Stored Cross-Site Scripting XSS vulnerability was identified in the dependente editarInfoPessoal.php endpoint of the WeGIA application. This vulnerability allows attackers to inject malicious scrip...

WordPress plugin Orbit Fox by ThemeIsle 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists in...

CVE-2024-6155

The Greenshift – animation and page builder blocks plugin for WordPress is vulnerable to Authenticated Subscriber+ Server-Side Request Forgery and Stored Cross Site Scripting in all versions up to, and including, 9.0.0 due to a missing capability check in the greenshiftdownloadfilelocaly function...

WordPress Zephyr Admin Theme Plugin <= 1.4.1 - CSRF to Stored XSS vulnerability

CSRF to Stored XSS vulnerability discovered by Abdi Pranata Patchstack Alliance in WordPress Plugin Zephyr Admin Theme versions = 1.4.1...

PT-2025-4440 · Unknown · Nik Chankov Autocompleter

Name of the Vulnerable Software and Affected Versions: Nik Chankov Autocompleter versions 1.3.5.2 and earlier Description: The issue is related to a Cross-Site Request Forgery CSRF vulnerability that allows Stored XSS. This means an attacker can trick a user into performing unintended actions on ...

PT-2025-4451 · Wenprise · Wizhi Multi Filters

Name of the Vulnerable Software and Affected Versions: Wizhi Multi Filters by Wenprise versions 1.8.6 and earlier Description: A Cross-Site Request Forgery CSRF issue in Wizhi Multi Filters by Wenprise allows Stored XSS. This means an attacker can perform actions on behalf of a user without their...

PT-2025-4577 · Unknown · Bozdoz Quote Tweet

Name of the Vulnerable Software and Affected Versions: bozdoz Quote Tweet versions n/a through 0.7 Description: The issue is a Cross-Site Request Forgery CSRF vulnerability that allows Stored XSS. This means an attacker can trick a user into performing unintended actions on a web application, and...

PT-2025-1717 · WordPress · The Taskbuilder

Name of the Vulnerable Software and Affected Versions: The Taskbuilder – WordPress Project & Task Management plugin versions up to, and including, 3.0.6 Description: The issue is related to Stored Cross-Site Scripting via the plugin's wppm tasks shortcode due to insufficient input sanitization an...

WordPress NAVER Analytics plugin <= 0.9 - CSRF to Stored XSS vulnerability

CSRF to Stored XSS vulnerability discovered by 渡辺康介 Patchstack Alliance in WordPress Plugin NAVER Analytics versions = 0.9...

CVE-2024-11607

The GTPayment Donations WordPress plugin through 1.0.0 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack...

PT-2024-16969 · WordPress · Spotlight

Name of the Vulnerable Software and Affected Versions: Spotlightr plugin for WordPress versions up to, and including, 0.1.9 Description: The issue is related to Stored Cross-Site Scripting via the plugin's 'spotlightr-v' shortcode due to insufficient input sanitization and output escaping on...

PT-2024-36278 · WordPress · Matt Walters Wordpress Filter

Name of the Vulnerable Software and Affected Versions: Matt Walters WordPress Filter versions 1.4.1 and earlier Description: The issue is a Cross-Site Request Forgery CSRF vulnerability that allows Stored XSS. This means an attacker can trick a user into performing unintended actions on a web...

PT-2024-36331 · Bluesky · Blueskyy Wp-Ban-User

Name of the Vulnerable Software and Affected Versions: blueskyy WP-Ban-User versions 1.0 and earlier Description: A Cross-Site Request Forgery CSRF issue in blueskyy WP-Ban-User allows Stored XSS. This means an attacker can perform actions on behalf of a user without their knowledge, potentially...

PT-2024-36670 · Unknown · Stop Registration Spam

Name of the Vulnerable Software and Affected Versions: Stop Registration Spam versions 1.23 and earlier Description: The issue is a Cross-Site Request Forgery CSRF vulnerability that allows Stored XSS. This means an attacker can trick a user into performing unintended actions on a web application...

PT-2024-36284 · Unknown · Go Animate

Name of the Vulnerable Software and Affected Versions: Go Animate versions 1.0 and earlier Description: The issue is a Cross-Site Request Forgery CSRF vulnerability that allows Stored XSS. This means an attacker can trick a user into performing unintended actions on a web application, and also...

PT-2024-36312 · Unknown · Jesse Overright Social Media Sharing

Name of the Vulnerable Software and Affected Versions: Jesse Overright Social Media Sharing versions n/a through 1.1 Description: The issue is a Cross-Site Request Forgery CSRF vulnerability that allows Stored XSS. This means an attacker can trick a user into performing unintended actions on a we...