249 matches found

Cvelist
added 2025/10/22 2:32 p.m. | 7 views

CVE-2025-53423 WordPress Triss theme <= 2.6 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in designthemes Triss triss allows Reflected XSS. This issue affects Triss: from n/a through <= 2.6...

CVSS 7.1 | EPSS 0.0003
Exploits: 0 | References: 1
Vulnrichment
added 2025/10/22 2:32 p.m. | 2 views

CVE-2025-53423 WordPress Triss theme <= 2.6 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in designthemes Triss triss allows Reflected XSS. This issue affects Triss: from n/a through <= 2.6...

CVSS 7.1 | AI score 6 | EPSS 0.0003
Exploits: 0 | References: 1
Patchstack
added 2025/10/10 4:42 a.m. | 4 views

WordPress Noisa theme <= 2.6.0 - PHP Object Injection vulnerability

PHP Object Injection vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Noisa versions <= 2.6.0...

CVSS 9.8 | AI score 7.3 | EPSS 0.00097
Exploits: 0 | Affected Software: 1
RedhatCVE
added 2025/10/04 11:53 a.m. | 4 views

CVE-2025-9332

The Interactive Human Anatomy with Clickable Body Parts plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 2.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, wi...

CVSS 5.5 | AI score 5 | EPSS 0.00028
Exploits: 0 | References: 1
EUVD
added 2025/10/03 8:7 p.m. | 2 views

EUVD-2025-27949

Malicious code in bioql PyPI...

CVSS 4.3 | AI score 6.2 | EPSS 0.00168
Exploits: 0 | References: 1
EUVD
added 2025/10/03 8:7 p.m. | 1 view

EUVD-2025-31112

Malicious code in bioql PyPI...

CVSS 5.3 | AI score 6.3 | EPSS 0.00076
Exploits: 0 | References: 5
CVE
added 2025/09/23 1:11 p.m. | 10 views

CVE-2025-9844

CVE-2025-9844 (Salesforce CLI on Windows) Affected software: Salesforce CLI (Salesforce) on Windows. Root cause: Uncontrolled Search Path Element that can lead to replacement of a trusted executable. Impact: Potential code execution through replacing a trusted executable; CVSS v3.1 base score 8.8 (...

CVSS 8.8 | AI score 6.6 | EPSS 0.00068
Exploits: 0 | References: 1
Patchstack
added 2025/09/22 7:12 p.m. | 2 views

WordPress Bot Block – Stop Spam Referrals in Google Analytics Plugin <= 2.6 - Cross Site Scripting (XSS) Vulnerability

Cross Site Scripting (XSS) Vulnerability discovered by Nabil Irawan in WordPress Plugin Bot Block Stop Spam Referrals in Google Analytics versions <= 2.6...

CVSS 5.9 | AI score 5.9 | EPSS 0.0003
Exploits: 0 | Affected Software: 1
CVE
added 2025/09/22 6:25 p.m. | 6 views

CVE-2025-57935

Technical details about CVE-2025-57935 are not provided in the supplied documents. No specific affected product version, root cause, impact, or fix is disclosed here. Monitor for official updates from vendors and security advisories.

CVSS 5.9 | AI score 5.2 | EPSS 0.0003
Exploits: 0 | References: 1
Vulnrichment
added 2025/09/22 6:25 p.m. | 2 views

CVE-2025-57935 WordPress Bot Block – Stop Spam Referrals in Google Analytics Plugin <= 2.6 - Cross Site Scripting (XSS) Vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Ricky Dawn Bot Block Stop Spam Referrals in Google Analytics allows Stored XSS. This issue affects Bot Block Stop Spam Referrals in Google Analytics: from n/a through 2.6...

CVSS 5.9 | AI score 5.5 | EPSS 0.0003
Exploits: 0 | References: 1
CVE
added 2025/09/22 6:23 p.m. | 6 views

CVE-2025-58269

CVE-2025-58269 affects WP Project Manager (weDevs). The vulnerability is described as a hard-coded credentials issue that could allow retrieval of embedded sensitive data from WP Project Manager versions up to 2.6.25. The connected data indicates no published exploit details in the provided docs,...

CVSS 5.3 | AI score 5.9 | EPSS 0.00042
Exploits: 0 | References: 1
Vulnrichment
added 2025/09/20 4:27 a.m. | 1 view

CVE-2025-10181 Draft List <= 2.6 - Authenticated (Contributor+) Stored Cross-Site Scripting

The Draft List plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'drafts' shortcode in all versions up to, and including, 2.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers...

CVSS 6.4 | AI score 4.7 | EPSS 0.00049
Exploits: 0 | References: 5
Vulnrichment
added 2025/09/19 3:34 a.m. | 2 views

CVE-2025-8487 Kubio AI Page Builder <= 2.6.3 - Missing Authorization to Authenticated (Subscriber+) Limited Plugin Installation

The Kubio AI Page Builder plugin for WordPress is vulnerable to unauthorized plugin installation due to a missing capability check on the kubio-image-hub-install-plugin AJAX action in all versions up to, and including, 2.6.3. This makes it possible for authenticated attackers, with Subscriber-lev...

CVSS 5.4 | AI score 4.6 | EPSS 0.00053
Exploits: 0 | References: 3
NVD
added 2025/09/05 2:15 p.m. | 1 view

CVE-2025-58807

Cross-Site Request Forgery (CSRF) vulnerability in Dsingh Purge Varnish Cache purge-varnish allows Stored XSS. This issue affects Purge Varnish Cache: from n/a through <= 2.6...

CVSS 7.1 | EPSS 0.00025
Exploits: 0 | References: 1
CNNVD
added 2025/09/05 12:0 a.m. | 2 views

WordPress plugin Ai Auto Tool Content Writing Assistant (Gemini Writer, ChatGPT) All in One Code Issue Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed in the PHP language that supports personal blogs on PHP and MySQL servers. WordPress plugin is an application...

CVSS 4.9 | AI score 5.9 | EPSS 0.00039
Exploits: 0 | References: 1
Patchstack
added 2025/09/02 12:43 p.m. | 4 views

WordPress Greeny theme <= 2.6 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by Bonds in WordPress Theme Greeny versions <= 2.6...

CVSS 8.1 | AI score 7 | EPSS 0.00226
Exploits: 0 | Affected Software: 1
NVD
added 2025/08/27 6:15 p.m. | 1 view

CVE-2025-58216

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in jgwhite33 WP Thumbtack Review Slider wp-thumbtack-review-slider allows Stored XSS. This issue affects WP Thumbtack Review Slider: from n/a through <= 2.6...

CVSS 5.9 | EPSS 0.00043
Exploits: 0 | References: 1
CVE
added 2025/08/27 5:45 p.m. | 8 views

CVE-2025-58216

CVE-2025-58216 is a Stored XSS in the WordPress plugin “WP Thumbtack Review Slider” up to version 2.6, caused by improper input neutralization during web page generation. The vulnerability affects WP Thumbtack Review Slider versions

CVSS 5.9 | AI score 5.9 | EPSS 0.00043
Exploits: 0 | References: 1
NVD
added 2025/08/20 8:15 a.m. | 2 views

CVE-2025-49889

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Edge-Themes Edge CPT edge-cpt allows PHP Local File Inclusion. This issue affects Edge CPT: from n/a through <= 1.4...

CVSS 8.1 | EPSS 0.00158
Exploits: 0 | References: 1
Cvelist
added 2025/08/20 8:3 a.m. | 9 views

CVE-2025-48165 WordPress DELUCKS SEO Plugin <= 2.6.0 - Privilege Escalation Vulnerability

Incorrect Privilege Assignment vulnerability in DELUCKS DELUCKS SEO delucks-seo allows Privilege Escalation. This issue affects DELUCKS SEO: from n/a through <= 2.6.0...

CVSS 8.8 | EPSS 0.00083
Exploits: 0 | References: 1