11 matches found
WordPress Easy SVG Support plugin <= 4.0 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload vulnerability
Authenticated Author+ Stored Cross-Site Scripting via SVG File Upload vulnerability discovered by Sornram9254 in WordPress Plugin Easy SVG Support versions <= 4.0...
CVE-2025-14608
CVE-2025-14608 — WP Last Modified Info (WordPress plugin) affects WP Last Modified Info versions
CVE-2025-12366
CVE-2025-12366: The Page Builder: Pagelayer – Drag and Drop website builder plugin for WordPress has an Insecure Direct Object Reference in versions up to 2.0.5, caused by missing validation in pagelayer_replace_page. This authenticated vulnerability affects users with Author-level access and abo...
CVE-2025-8357 Media Library Assistant <= 3.27 - Authenticated (Author+) Limited File Deletion
The Media Library Assistant plugin for WordPress is vulnerable to arbitrary file deletion in the /wp-content/uploads directory due to insufficient file path validation and user capability checking in the processmladownloadfile function in all versions up to, and including, 3.27. This makes it...
WordPress Icegram Engage plugin < 3.1.32 - Author+ Stored XSS vulnerability
Author+ Stored XSS vulnerability discovered by Dmitrii Ignatyev in WordPress Plugin Icegram versions < 3.1.32...
WordPress Visualmodo Elements plugin <= 1.0.2 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload vulnerability
Authenticated Author+ Stored Cross-Site Scripting via SVG File Upload vulnerability discovered by Francesco Carlucci in WordPress Plugin Visualmodo Elements versions <= 1.0.2...
WordPress Ditty plugin < 3.1.47 - Author+ Stored XSS vulnerability
Author+ Stored XSS vulnerability discovered by Dmitrii Ignatyev in WordPress Plugin Ditty versions < 3.1.47...
WordPress Basticom Framework plugin <= 1.5.0 - Authenticated (Author+) Stored Cross-Site Scripting vulnerability
Authenticated Author+ Stored Cross-Site Scripting vulnerability discovered by Francesco Carlucci in WordPress Plugin Basticom Framework versions <= 1.5.0...
WordPress SVG Support plugin <= 2.5.7 - Authenticated (Author+) Cross-Site Scripting via SVG vulnerability
Authenticated Author+ Cross-Site Scripting via SVG vulnerability discovered by Nathanial Lattimer d0nut in WordPress Plugin SVG Support versions <= 2.5.7...
WordPress Ditty plugin < 3.1.36 - Author+ Stored XSS vulnerability
Author+ Stored XSS vulnerability discovered by Krugov Aryom in WordPress Plugin Ditty versions < 3.1.36...
WordPress Reviews and Rating – Google Reviews plugin <= 5.2 - Authenticated (Author+) Stored Cross-Site Scripting vulnerability
Authenticated Author+ Stored Cross-Site Scripting vulnerability discovered by wesley wcraft in WordPress Plugin Reviews and Rating – Google My Business versions <= 5.2...