PT-2025-9067 · WordPress · The Pricing Table
Name of the Vulnerable Software and Affected Versions: The Pricing Table by PickPlugins plugin for WordPress versions up to, and including, 1.12.10
Description: The issue is related to Stored Cross-Site Scripting via the Button Link due to insufficient input sanitization and output escaping. This...
CVE-2025-27266
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ignacio Perez Hover Image Button hover-image-button allows DOM-Based XSS. This issue affects Hover Image Button: from n/a through <= 1.1.2...
CVE-2025-27347
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in techmix Direct Checkout Button for WooCommerce woo-direct-checkout-button allows Stored XSS. This issue affects Direct Checkout Button for WooCommerce: from n/a through <= 1.0...
WordPress Direct Checkout Button for WooCommerce plugin <= 1.0 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting (XSS) vulnerability discovered by theviper17 in WordPress Plugin Direct Checkout Button for WooCommerce versions <= 1.0...
WordPress Hover Image Button plugin <= 1.1.2 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting (XSS) vulnerability discovered by muhammad yudha in WordPress Plugin Hover Image Button versions <= 1.1.2...
CVE-2025-27347 WordPress Direct Checkout Button for WooCommerce plugin <= 1.0 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in techmix Direct Checkout Button for WooCommerce woo-direct-checkout-button allows Stored XSS. This issue affects Direct Checkout Button for WooCommerce: from n/a through <= 1.0...
CVE-2025-27347
CVE-2025-27347 is a stored Cross-Site Scripting (XSS) vulnerability in the WordPress plugin Direct Checkout Button for WooCommerce. The issue arises from improper neutralization of input during web page generation, enabling stored XSS. Affected software is the Direct Checkout Button for WooComme...
CVE-2025-27266
CVE-2025-27266 is a DOM-based XSS in the WordPress plugin Hover Image Button, reported for versions 1.1.2 and earlier. The connected documents confirm improper input neutralization during web page generation as the root cause. No explicit fix version is provided in the su...
CVE-2025-27266 WordPress Hover Image Button plugin <= 1.1.2 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ignacio Perez Hover Image Button hover-image-button allows DOM-Based XSS. This issue affects Hover Image Button: from n/a through <= 1.1.2...
WordPress plugin Hover Image Button cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting...
WordPress plugin Direct Checkout Button for WooCommerce cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...
PT-2025-7761 · Woocommerce · Direct Checkout Button For Woocommerce
Name of the Vulnerable Software and Affected Versions: Direct Checkout Button for WooCommerce versions 1.0 and earlier
Description: The issue is related to improper neutralization of input during web page generation, which leads to a Cross-site Scripting (XSS) vulnerability. This allows for Stored...
PT-2025-7325 · WordPress · Umich Oidc Login
Name of the Vulnerable Software and Affected Versions: UMich OIDC Login plugin for WordPress versions up to, and including, 1.2.0
Description: The issue is related to Stored Cross-Site Scripting via the plugin's 'umich oidc button' shortcode due to insufficient input sanitization and output...
CVE-2025-25138
Cross-Site Request Forgery (CSRF) vulnerability in Rishi On Page SEO + Whatsapp Chat Button ops-robots-txt allows Stored XSS. This issue affects On Page SEO + Whatsapp Chat Button: from n/a through <= 2.0.0...
CVE-2025-25138 WordPress On Page SEO + Social Live Chat (Formerly OPS) plugin <= 2.0.0 - CSRF to Stored XSS vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in Rishi On Page SEO + Whatsapp Chat Button ops-robots-txt allows Stored XSS. This issue affects On Page SEO + Whatsapp Chat Button: from n/a through <= 2.0.0...
CVE-2025-25138
CVE-2025-25138 is a CSRF to Stored XSS vulnerability in the WordPress On Page SEO + Social Live Chat (formerly OPS) plugin that affects versions up to 2.0.0. CVSS 3.1 base score 7.1 (HIGH) with network attack vector, requiring user interaction. Exploit status is not publicly detailed in the docum...
WordPress plugin On Page SEO + Whatsapp Chat Button cross-site request forgery vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. A cross-site request forgery...
CVE-2024-1118
The Podlove Subscribe button plugin for WordPress is vulnerable to UNION-based SQL Injection via the 'button' attribute of the podlove-subscribe-button shortcode in all versions up to, and including, 1.3.10 due to insufficient escaping on the user supplied parameter and lack of sufficient...