CVE-2026-1666 Download Manager <= 3.3.46 - Reflected Cross-Site Scripting via 'redirect_to' Parameter

The Download Manager plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'redirectto' parameter in all versions up to, and including, 3.3.46. This is due to insufficient input sanitization and output escaping on the 'redirectto' GET parameter in the login form shortcode...

WordPress Plugin Administrative Shortcodes Cross-Site Script Vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be installed t...

CVE-2025-10140

The Quick Social Login plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'quick-login' shortcode in all versions up to, and including, 1.4.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

EUVD-2025-34546

The Quick Social Login plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'quick-login' shortcode in all versions up to, and including, 1.4.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

WordPress plugin Quick Social Login 跨站脚本漏洞

WordPress Quick Social Login plugin is a plugin that allows users to quickly log in or sign up through social media accounts such as Facebook, Google, Twitter, LinkedIn, Slack and WordPress.com. The WordPress Quick Social Login plugin suffers from a cross-site scripting vulnerability that stems...

WordPress BP Direct Menus plugin cross-site scripting vulnerability

WordPress BP Direct Menus plugin is a menu management plugin for WordPress, which is mainly used to realize the quick jump function of menu items. WordPress BP Direct Menus plugin has a cross-site scripting vulnerability that stems from the lack of effective filtering and escaping of the bpdmlogi...

CVE-2025-10189

The BP Direct Menus plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'bpdmlogin' shortcode in all versions up to, and including, 1.0.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...

CVE-2025-10189

The BP Direct Menus plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'bpdmlogin' shortcode in all versions up to, and including, 1.0.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...

CVE-2025-10189

CVE-2025-10189 : WordPress BP Direct Menus plugin (versions

CVE-2025-9857

The Heateor Login – Social Login Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'HeateorFacebookLogin' shortcode in all versions up to, and including, 1.1.9 due to insufficient input sanitization and output escaping on user supplied attributes. This make...

CVE-2025-9857 Heateor Login – Social Login Plugin <= 1.1.9 - Authenticated (Contributor+) Stored Cross-Site Scripting

The Heateor Login – Social Login Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'HeateorFacebookLogin' shortcode in all versions up to, and including, 1.1.9 due to insufficient input sanitization and output escaping on user supplied attributes. This make...