108 matches found
CVE-2025-7439 Anber Elementor Addon <= 1.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Banner button link
Anber Elementor Addon plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the $anberitem'buttonlink''url'’ parameter in all versions up to, and including, 1.0.1 to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
CVE-2025-7440 Anber Elementor Addon <= 1.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Carousel button link
The Anber Elementor Addon plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the $item'buttonlink''url' parameter in all versions up to, and including, 1.0.1 to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
CVE-2025-7440 Anber Elementor Addon <= 1.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Carousel button link
The Anber Elementor Addon plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the $item'buttonlink''url' parameter in all versions up to, and including, 1.0.1 to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
CVE-2025-5844 Radius Blocks <= 2.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via subHeadingTagName Parameter
The Radius Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘subHeadingTagName’ parameter in all versions up to, and including, 2.2.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
CVE-2025-8905 Inpersttion For Theme <= 1.0 - Authenticated (Contributor+) Arbitrary Function Call
The Inpersttion For Theme plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 1.0 via the themesectionshortcode function. This is due to the plugin not restricting what functions can be called. This makes it possible for authenticated attackers, with...
WordPress Spectra plugin <= 2.19.0 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by Peter Thaleikis in WordPress Plugin Spectra versions = 2.19.0...
WordPress Ultra Addons Lite for Elementor plugin <= 1.1.8 - Authenticated (Contributor+) Restricted Post Disclosure vulnerability
Authenticated Contributor+ Restricted Post Disclosure vulnerability discovered by Francesco Carlucci in WordPress Plugin Ultra Addons Lite for Elementor versions = 1.1.8...
WordPress UltraEmbed plugin <= 1.0.3 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by SOPROBRO in WordPress Plugin UltraEmbed versions = 1.0.3...
WordPress NGG Smart Image Search plugin <= 3.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by Peter Thaleikis in WordPress Plugin NGG Smart Image Search versions = 3.2.1...
WordPress Tracking Code Manager plugin < 2.4.0 - Contributor+ Stored XSS vulnerability
Contributor+ Stored XSS vulnerability discovered by Krugov Artyom in WordPress Plugin Tracking Code Manager versions 2.4.0...
WordPress Ask Me Anything (Anonymously) plugin <= 1.6 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by SOPROBRO in WordPress Plugin Ask Me Anything Anonymously versions = 1.6...
WordPress GatorMail SmartForms plugin <= 1.1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by SOPROBRO in WordPress Plugin GatorMail SmartForms versions = 1.1.0...
WordPress Accordion Slider Lite plugin <= 1.5.1 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by yudha in WordPress Plugin Accordion Slider Lite versions = 1.5.1...
WordPress MDTF – Meta Data and Taxonomies Filter plugin <= 1.3.3.5 - Authenticated (Contributor+) SQL Injection vulnerability
Authenticated Contributor+ SQL Injection vulnerability discovered by Thanh Nam Tran in WordPress Plugin MDTF versions = 1.3.3.5...
WordPress Solar Wizard Lite plugin <= 1.2.4 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by SOPROBRO in WordPress Plugin Solar Wizard Lite versions = 1.2.4...
WordPress Tabs Shortcode plugin <= 2.0.2 - Contributor+ XSS via Shortcode vulnerability
Contributor+ XSS via Shortcode vulnerability discovered by Bob Matyas in WordPress Plugin Tabs Shortcode versions = 2.0.2...
WordPress Photo Gallery, Images, Slider in Rbs Image Gallery plugin < 3.2.22 - Contributor+ Stored XSS vulnerability
Contributor+ Stored XSS vulnerability discovered by Dmitrii Ignatyev in WordPress Plugin Robo Gallery versions 3.2.22...
WordPress Goodlayers Core plugin < 2.0.10 - Contributor+ Stored XSS vulnerability
Contributor+ Stored XSS vulnerability discovered by Bob Matyas in WordPress Plugin Goodlayers Core versions 2.0.10...
WordPress Embed Twine plugin <= 0.1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by SOPROBRO in WordPress Plugin Embed Twine versions = 0.1.0...
WordPress Spoki – Chat Buttons and WooCommerce Notifications plugin <= 2.15.15 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by theviper17y in WordPress Plugin Spoki versions = 2.15.15...