8493 matches found

Positive Technologies
added 2025/12/02 12:0 a.m., 4 views

PT-2025-48609

The BlockArt Blocks – Gutenberg Blocks, Page Builder Blocks, WordPress Block Plugin, Sections & Template Library plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘timestamp’ attribute in all versions up to, and including, 2.2.13 due to insufficient input sanitization and...

6.4 CVSS, 4.9 AI score, 0.00156 EPSS
Exploits 0, References 3

Patchstack
added 2025/12/01 10:54 p.m., 7 views

WordPress BlockArt Blocks plugin <= 2.2.13 - Authenticated (Contributor+) Stored Cross-Site Scripting via `timestamp` Attribute vulnerability

Authenticated (Contributor+) Stored Cross-Site Scripting via timestamp Attribute vulnerability discovered by Farhan Dio Arrafiq in WordPress Plugin BlockArt Blocks versions <= 2.2.13...

6.4 CVSS, 5.9 AI score, 0.00156 EPSS
Exploits 0, References 1, Affected Software 1

Vulnrichment
added 2025/12/01 10:17 p.m., 2 views

CVE-2025-66400 mdast-util-to-hast unsanitized class attribute

mdast-util-to-hast is an mdast utility to transform to hast. From 13.0.0 to before 13.2.1, multiple unprefixed classnames could be added in markdown source by using character references. This could make rendered user supplied markdown code elements appear like the rest of the page. This...

6.9 CVSS, 6.5 AI score, 0.00251 EPSS
Exploits 0, References 3

NVD
added 2025/11/30 1:15 p.m., 7 views

CVE-2025-13788

A vulnerability has been found in Chanjet CRM up to 20251106. The impacted element is an unknown function of the file /tools/upgradeattribute.php. The manipulation of the argument gblOrgID leads to SQL injection. The attack can be initiated remotely. The exploit has been disclosed to the public a...

9.8 CVSS, 0.00345 EPSS
Exploits 1, References 4

Positive Technologies
added 2025/11/30 12:0 a.m., 6 views

PT-2025-48390

Name of the Vulnerable Software and Affected Versions: Chanjet CRM versions prior to 20251107. Description: A flaw exists in Chanjet CRM that allows for SQL injection. The issue is located in the /tools/upgradeattribute.php file, specifically within an unknown function. Manipulation of the gblOrgID...

9.8 CVSS, 7.4 AI score, 0.00345 EPSS
Exploits 1, References 11

Veracode
added 2025/11/28 6:16 a.m., 5 views

Cross-Site Scripting (XSS)

qwc2 is vulnerable to Cross-Site Scripting (XSS). The vulnerability is due to improper handling of user-supplied input in the attribute table, which allows an authorized attacker to inject and execute arbitrary JavaScript code...

6.9 CVSS, 6.5 AI score, 0.00401 EPSS
Exploits 0, References 2, Affected Software 1

RedhatCVE
added 2025/11/25 10:47 p.m., 6 views

CVE-2025-10144

The Perfect Brands for WooCommerce plugin for WordPress is vulnerable to time-based SQL Injection via the brands attribute of the products shortcode in all versions up to, and including, 3.6.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the...

6.5 CVSS, 6.6 AI score, 0.00226 EPSS
Exploits 0, References 1

NVD
added 2025/11/25 3:15 p.m., 5 views

CVE-2025-36134

IBM Sterling B2B Integrator and IBM Sterling File Gateway 6.0.0.0 through 6.1.2.7 and 6.2.0.0 through 6.2.0.5 and 6.2.1.1 could disclose sensitive information due to a missing or insecure SameSite attribute for a sensitive cookie...

7.5 CVSS, 0.00261 EPSS
Exploits 0, References 1

EUVD
added 2025/11/25 12:31 a.m., 3 views

EUVD-2025-199099

The Perfect Brands for WooCommerce plugin for WordPress is vulnerable to time-based SQL Injection via the brands attribute of the products shortcode in all versions up to, and including, 3.6.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the...

6.5 CVSS, 6.1 AI score, 0.00226 EPSS
Exploits 0, References 3

NVD
added 2025/11/24 11:15 p.m., 9 views

CVE-2025-10144

The Perfect Brands for WooCommerce plugin for WordPress is vulnerable to time-based SQL Injection via the brands attribute of the products shortcode in all versions up to, and including, 3.6.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the...

6.5 CVSS, 0.00226 EPSS
Exploits 0, References 2

Cvelist
added 2025/11/24 10:28 p.m., 8 views

CVE-2025-10144 Perfect Brands for WooCommerce <= 3.6.2 - Authenticated (Contributor+) SQL Injection

The Perfect Brands for WooCommerce plugin for WordPress is vulnerable to time-based SQL Injection via the brands attribute of the products shortcode in all versions up to, and including, 3.6.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the...

6.5 CVSS, 0.00226 EPSS
Exploits 0, References 2

Vulnrichment
added 2025/11/24 10:28 p.m., 4 views

CVE-2025-10144 Perfect Brands for WooCommerce <= 3.6.2 - Authenticated (Contributor+) SQL Injection

The Perfect Brands for WooCommerce plugin for WordPress is vulnerable to time-based SQL Injection via the brands attribute of the products shortcode in all versions up to, and including, 3.6.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the...

6.5 CVSS, 6.2 AI score, 0.00226 EPSS
Exploits 0, References 2

CVE
added 2025/11/24 10:28 p.m., 14 views

CVE-2025-10144

CVE-2025-10144 concerns the Perfect Brands for WooCommerce plugin for WordPress. Wordfence reports a time-based SQL Injection via the brands attribute of the products shortcode in all versions up to 3.6.2, caused by insufficient escaping of user-supplied input and inadequate preparation of the ex...

6.5 CVSS, 6.2 AI score, 0.00226 EPSS
Exploits 0, References 2

Veracode
added 2025/11/24 4:52 p.m., 7 views

Cross-site Scripting (XSS)

joomla/filter is vulnerable to Cross-site Scripting (XSS). The vulnerability is due to improper handling and validation of user-supplied input in the checkAttribute method, which allows an attacker to inject malicious scripts that can be executed in a victim’s browser...

4.8 CVSS, 6.6 AI score, 0.00293 EPSS
Exploits 0, References 6, Affected Software 1

Positive Technologies
added 2025/11/24 12:0 a.m., 6 views

PT-2025-47974

Name of the Vulnerable Software and Affected Versions: The Perfect Brands for WooCommerce plugin for WordPress versions through 3.6.2. Description: The Perfect Brands for WooCommerce plugin for WordPress is susceptible to time-based SQL Injection through the brands attribute of the products shortcod...

6.5 CVSS, 7.1 AI score, 0.00226 EPSS
Exploits 0, References 5

RedhatCVE
added 2025/11/23 5:32 a.m., 9 views

CVE-2025-11186

The Cookie Notice & Compliance for GDPR / CCPA plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's cookiesaccepted shortcode in all versions up to, and including, 2.5.8 due to insufficient input sanitization and output escaping on user supplied attributes. This make...

6.4 CVSS, 5 AI score, 0.00194 EPSS
Exploits 0, References 1

RedhatCVE
added 2025/11/22 8:35 a.m., 8 views

CVE-2025-11802

The Bulma Shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'type' shortcode attribute in the bulma-notification shortcode in all versions up to, and including, 1.0. This is due to insufficient input sanitization and output escaping. This makes it possible for...

6.4 CVSS, 5.1 AI score, 0.00162 EPSS
Exploits 0, References 1

RedhatCVE
added 2025/11/22 8:35 a.m., 12 views

CVE-2025-11808

The Shortcode for Google Street View plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'streetview' shortcode in all versions up to, and including, 0.5.7. This is due to insufficient input sanitization and output escaping on the 'id' attribute. This makes it possible for...

6.4 CVSS, 5 AI score, 0.00162 EPSS
Exploits 0, References 1

RedhatCVE
added 2025/11/22 8:35 a.m., 7 views

CVE-2025-11800

The Surbma | MiniCRM Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'id' shortcode attribute of the 'minicrm' shortcode in all versions up to, and including, 2.0. This is due to insufficient input sanitization and output escaping. This makes it possible for...

6.4 CVSS, 5.1 AI score, 0.00162 EPSS
Exploits 0, References 1

RedhatCVE
added 2025/11/22 8:35 a.m., 9 views

CVE-2025-11803

The WPSite Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'format' shortcode attribute in the wpsitey shortcode and the 'before' attribute in the wpsitepostauthor shortcode in all versions up to, and including, 1.2. This is due to insufficient input sanitizati...

6.4 CVSS, 5.1 AI score, 0.00201 EPSS
Exploits 0, References 1