CVE-2025-15378

CVE-2025-15378 concerns the WordPress AJS Footnotes plugin, where versions up to 1.0 are vulnerable to a stored XSS due to missing authorization/nonce verification on settings save and insufficient input sanitization/output escaping on two parameters: note_list_class and popup_display_effect_in. ...

EUVD-2025-203924

The Live Composer – Free WordPress Website Builder plugin for WordPress is vulnerable to multiple Stored Cross-Site Scripting vulnerabilities via DOM manipulation in all versions up to, and including, 2.0.2 due to insufficient input sanitization and output escaping on user-supplied attributes. Th...

EUVD-2025-34201

Insufficient escaping in the “Copy as cURL” feature could have been used to trick a user into executing unexpected code on Windows. This did not affect Firefox running on other operating systems. This vulnerability affects Firefox 144, Firefox ESR 140.4, Thunderbird 144, and Thunderbird 140.4...

CVE-2025-8897

CVE-2025-8897 documents a Reflected Cross-Site Scripting vulnerability in Beaver Builder – WordPress Page Builder (Lite) versions up to 2.9.2.1. The issue arises from insufficient input sanitization and output escaping in the fl_builder parameter, enabling an unauthenticated attacker to inject sc...

PT-2025-33529 · WordPress · Earnware Connect

Name of the Vulnerable Software and Affected Versions: Earnware Connect versions prior to 1.0.74 Description: The Earnware Connect plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's ew hasrole shortcode due to insufficient input sanitization and output escaping on...

WordPress plugin Exclusive Addons for Elementor 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists in...

WordPress plugin Themesflat Addons For Elementor 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...

CVE-2024-13644

The DethemeKit For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's De Gallery widget in all versions up to, and including, 2.1.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

PT-2025-2229 · WordPress · Learnpress

Name of the Vulnerable Software and Affected Versions: LearnPress – WordPress LMS Plugin versions up to, and including, 4.2.7.5 Description: The issue is related to Stored Cross-Site Scripting due to insufficient input sanitization and output escaping of a lesson name. This allows authenticated...

WordPress Plugin The7 Security Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security...

WordPress plugin Gutenberg Blocks with AI by Kadence WP 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...