
7432 matches found

Cvelist
added 2025/06/06 6:42 a.m. · 10 views

CVE-2025-5699 Developer Formatter <= 2015.0.2.1 - Authenticated (Administrator+) Stored Cross-Site Scripting via Custom CSS

The Developer Formatter plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Custom CSS in all versions up to, and including, 2015.0.2.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level...

CVSS 5.5 · EPSS 0.00248 · Exploits 0 · References 4
Vulnrichment
added 2025/06/06 6:42 a.m. · 11 views

CVE-2025-5699 Developer Formatter <= 2015.0.2.1 - Authenticated (Administrator+) Stored Cross-Site Scripting via Custom CSS

The Developer Formatter plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Custom CSS in all versions up to, and including, 2015.0.2.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level...

CVSS 5.5 · AI score 5.9 · EPSS 0.00248 · Exploits 0 · References 4
CNNVD
added 2025/06/06 12:0 a.m. · 4 views

WordPress plugin Developer Formatter cross-site scripting vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting...

CVSS 5.5 · AI score 5.2 · EPSS 0.00248 · Exploits 0 · References 4
Positive Technologies
added 2025/06/06 12:0 a.m. · 4 views

PT-2025-33053 · Gitlab · Gitlab Ce/Ee

Name of the Vulnerable Software and Affected Versions:
GitLab CE/EE versions 15.7 through 17.11.5
GitLab CE/EE versions 18.0 through 18.0.3
GitLab CE/EE versions 18.1 through 18.1.1
Description: The issue allows authenticated users with developer access to obtain ID tokens for protected branches...

CVSS 5 · AI score 6.8 · EPSS 0.00216 · Exploits 0 · References 12
Positive Technologies
added 2025/06/06 12:0 a.m. · 7 views

PT-2025-24045 · WordPress · Developer Formatter

Name of the Vulnerable Software and Affected Versions:
Developer Formatter plugin for WordPress versions up to, and including, 2015.0.2.1
Description: The issue is related to Stored Cross-Site Scripting via the Custom CSS, caused by insufficient input sanitization and output escaping. This allows...

CVSS 5.5 · AI score 5.2 · EPSS 0.00248 · Exploits 0 · References 8
Patchstack
added 2025/06/05 7:59 p.m. · 8 views

WordPress Knowledge Base plugin <= 2.3.0 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability discovered by muhammad yudha in WordPress Plugin Knowledge Base versions <= 2.3.0...

CVSS 6.4 · AI score 5.5 · EPSS 0.00187 · Exploits 0 · References 1 · Affected Software 1
Patchstack
added 2025/06/05 1:40 a.m. · 10 views

WordPress TicketBAI Facturas para WooCommerce plugin <= 3.45 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by ch4r0n in WordPress Plugin TicketBAI Facturas para WooCommerce versions <= 3.45...

CVSS 5.4 · AI score 5.2 · EPSS 0.00266 · Exploits 0 · Affected Software 1
Patchstack
added 2025/06/05 1:28 a.m. · 7 views

WordPress YouTube Simple Gallery plugin <= 2.2.0 - Cross Site Scripting (XSS) Vulnerability

Cross Site Scripting (XSS) Vulnerability discovered by Nguyen Thi Huyen Trang - Skalucy in WordPress Plugin YouTube Simple Gallery versions <= 2.2.0...

CVSS 6.5 · AI score 6 · EPSS 0.0021 · Exploits 0 · Affected Software 1
Patchstack
added 2025/06/05 1:23 a.m. · 7 views

WordPress All Currencies for WooCommerce plugin <= 2.4.3 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting (XSS) vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin All Currencies for WooCommerce versions <= 2.4.3...

CVSS 6.5 · AI score 5.9 · EPSS 0.0021 · Exploits 0 · Affected Software 1
Patchstack
added 2025/06/05 12:20 a.m. · 7 views

WordPress WP Time Slots Booking Form plugin <= 1.2.30 - Cross Site Request Forgery (CSRF) Vulnerability

Cross Site Request Forgery (CSRF) Vulnerability discovered by Jang Jeong Ahn Jhanks in WordPress Plugin WP Time Slots Booking Form versions <= 1.2.30...

CVSS 4.3 · AI score 6.6 · EPSS 0.00128 · Exploits 0 · Affected Software 1
Patchstack
added 2025/06/05 12:20 a.m. · 6 views

WordPress Store Locator WordPress plugin <= 1.5.2 - Arbitrary File Upload Vulnerability

Arbitrary File Upload Vulnerability discovered by Nguyen Kim Sang in WordPress Plugin Store Locator WordPress versions <= 1.5.2...

CVSS 6.6 · AI score 6.7 · EPSS 0.00229 · Exploits 0 · Affected Software 1
Patchstack
added 2025/06/05 12:19 a.m. · 9 views

WordPress Hydra Booking plugin <= 1.1.10 - SQL Injection Vulnerability

SQL Injection Vulnerability discovered by Nguyen Ngoc Quang Bach maysbachs in WordPress Plugin Hydra Booking versions <= 1.1.10...

CVSS 8.5 · AI score 7.8 · EPSS 0.00269 · Exploits 0 · Affected Software 1
Patchstack
added 2025/06/05 12:17 a.m. · 5 views

WordPress Persian Woocommerce SMS plugin <= 7.0.10 - SQL Injection Vulnerability

SQL Injection Vulnerability discovered by astra.r3verii in WordPress Plugin Persian Woocommerce SMS versions <= 7.0.10...

CVSS 7.6 · AI score 7.8 · EPSS 0.00355 · Exploits 0 · Affected Software 1
Patchstack
added 2025/06/05 12:16 a.m. · 9 views

WordPress WP Social Widget plugin <= 2.3 - Cross Site Scripting (XSS) Vulnerability

Cross Site Scripting (XSS) Vulnerability discovered by muhammad yudha in WordPress Plugin WP Social Widget versions <= 2.3...

CVSS 6.5 · AI score 6 · EPSS 0.00211 · Exploits 0 · Affected Software 1
Patchstack
added 2025/06/05 12:15 a.m. · 7 views

WordPress Greenshift plugin <= 11.5.5 - Cross Site Scripting (XSS) Vulnerability

Cross Site Scripting (XSS) Vulnerability discovered by Peter Thaleikis in WordPress Plugin Greenshift versions <= 11.5.5...

CVSS 6.5 · AI score 6 · EPSS 0.0021 · Exploits 0 · Affected Software 1
Patchstack
added 2025/06/05 12:14 a.m. · 7 views

WordPress Event post plugin <= 5.10.1 - Cross Site Scripting (XSS) Vulnerability

Cross Site Scripting (XSS) Vulnerability discovered by Peter Thaleikis in WordPress Plugin Event post versions <= 5.10.1...

CVSS 6.5 · AI score 6 · EPSS 0.0021 · Exploits 0 · Affected Software 1
Patchstack
added 2025/06/05 12:12 a.m. · 11 views

WordPress WP Table Builder plugin <= 2.0.6 - Cross Site Request Forgery (CSRF) Vulnerability

Cross Site Request Forgery (CSRF) Vulnerability discovered by domiee13 in WordPress Plugin WP Table Builder versions <= 2.0.6...

CVSS 4.3 · AI score 6.6 · EPSS 0.0014 · Exploits 0 · Affected Software 1
Patchstack
added 2025/06/05 12:12 a.m. · 13 views

WordPress Anti-spam, Spam protection, ReCaptcha for all forms and GDPR-compliant plugin <= 4.1.1 - Cross Site Request Forgery (CSRF) Vulnerability

Cross Site Request Forgery (CSRF) Vulnerability discovered by Skalucy in WordPress Plugin Anti-spam, Spam protection, ReCaptcha for all forms and GDPR-compliant versions <= 4.1.1...

CVSS 4.3 · AI score 6.6 · EPSS 0.0014 · Exploits 0 · Affected Software 1
Patchstack
added 2025/06/05 12:7 a.m. · 8 views

WordPress Team Showcase plugin < 25.05.13 - Broken Access Control Vulnerability

Broken Access Control Vulnerability discovered by Tran Nguyen Bao KhanhVCI - VNPT in WordPress Plugin Team Showcase versions < 25.05.13...

CVSS 4.3 · AI score 6.7 · EPSS 0.00236 · Exploits 0 · Affected Software 1
Patchstack
added 2025/06/05 12:6 a.m. · 7 views

WordPress Testimonials Showcase plugin <= 1.9.16 - Broken Access Control Vulnerability

Broken Access Control Vulnerability discovered by Tran Nguyen Bao KhanhVCI - VNPT in WordPress Plugin Testimonials Showcase versions <= 1.9.16...

CVSS 4.3 · AI score 6.7 · EPSS 0.00236 · Exploits 0 · Affected Software 1