WordPress WP-SOS-Donate Donation Sidebar Plugin plugin <= 0.9.2 - Reflected Cross-Site Scripting via $_SERVER['PHP_SELF'] vulnerability

Reflected Cross-Site Scripting via $SERVER'PHPSELF' vulnerability discovered by Abdulsamad Yusuf 0xVenus - Envorasec in WordPress Plugin WP-SOS-Donate versions = 0.9.2...

WordPress Revolution Video Player With Bottom Playlist <= 2.9.2 - Cross Site Scripting (XSS) Vulnerability

Cross Site Scripting XSS Vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Plugin Revolution Video Player With Bottom Playlist versions = 2.9.2...

WordPress Neom Blog Theme <= 0.0.9 is vulnerable to Cross Site Scripting (XSS)

Software Neom Blog Type Theme Vulnerable versions = 0.0.9 Fixed in 0.1.0 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2025-49274 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID da522fea2d13 Credits Le Ngoc Anh Required privilege...

WordPress Spare Theme <= 1.7 is vulnerable to Cross Site Scripting (XSS)

Software Spare Type Theme Vulnerable versions = 1.7 Fixed in N/A OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2025-31638 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 7f04b8ce15e4 Credits Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity...

WordPress Verge3D plugin <= 4.9.3 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting XSS vulnerability discovered by Hiro Code016Hiro in WordPress Plugin Verge3D versions = 4.9.3...

WordPress Formulario de contacto SalesUp! plugin <= 1.0.14 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting XSS vulnerability discovered by Nguyen Xuan Chien in WordPress Plugin Formulario de contacto SalesUp! versions = 1.0.14...

WordPress Travelpayouts plugin < 1.1.14 - Reflected XSS vulnerability

Reflected XSS vulnerability discovered by Krzysztof Zając CERT PL in WordPress Plugin Travelpayouts versions 1.1.14...

WordPress Widgets as Shortcodes plugin <= 5.9.10 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting XSS vulnerability discovered by Tran Nguyen Bao KhanhVCI - VNPT in WordPress Plugin Widgets as Shortcodes versions = 5.9.10...

WordPress My Custom Widgets plugin <= 2.0.5 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting XSS vulnerability discovered by johska in WordPress Plugin My Custom Widgets versions = 2.0.5...

WordPress User Registration plugin < 4.2.0 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting XSS vulnerability discovered by Psai in WordPress Plugin User Registration versions 4.2.0...

WordPress Run Contests, Raffles, and Giveaways plugin <= 2.1.1 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting XSS vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Plugin Run Contests, Raffles, and Giveaways with ContestsWP versions = 2.1.1...

WordPress WordPress Health and Server Condition plugin <= 4.1.1 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting XSS vulnerability discovered by Mika in WordPress Plugin WordPress Health and Server Condition – Integrated with Google Page Speed versions = 4.1.1...

WordPress Snow Storm plugin <= 1.4.6 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting XSS vulnerability discovered by Nguyen Thi Huyen Trang - Skalucy in WordPress Plugin Snow Storm versions = 1.4.6...

WordPress Slide Theme <= 1.7.5 is vulnerable to Cross Site Scripting (XSS)

Software Slide Type Theme Vulnerable versions = 1.7.5 Fixed in N/A OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2025-31013 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 185dcd16a69e Credits Tran Nguyen Bao Khanh VCI - VNPT Cyber Immuni...

WordPress Blizzard Quotes Plugin <= 1.3 is vulnerable to Cross Site Request Forgery (CSRF)

Software Blizzard Quotes Type Plugin Vulnerable versions = 1.3 Fixed in N/A OWASP Top 10 A1: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2024-53729 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID ed471ac7b5ce Credits SOPROBRO Required...

WordPress Simple Modal Plugin <= 0.3.3 is vulnerable to Cross Site Scripting (XSS)

Software Simple Modal Type Plugin Vulnerable versions = 0.3.3 Fixed in N/A OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-51718 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 97fa1290c928 Credits João Pedro S Alcântara Kinorth Requir...

WordPress my wooden under construction Theme <= 2.0.7 is vulnerable to Cross Site Scripting (XSS)

Software my wooden under construction Type Theme Vulnerable versions = 2.0.7 Fixed in N/A OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-49269 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 6cc0e1da3f3b Credits justakazh Required...

WordPress Ninja Forms Plugin 3.8.6-3.8.10 is vulnerable to Cross Site Scripting (XSS)

Software Ninja Forms Type Plugin Vulnerable versions 3.8.6-3.8.10 Fixed in 3.8.11 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE N/A Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 9b1a720170de Credits Erwan LR WPScan Required privilege...

WordPress Flaming Forms Plugin <= 1.0.1 is vulnerable to Cross Site Scripting (XSS)

Software Flaming Forms Type Plugin Vulnerable versions = 1.0.1 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-7691 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 74ab02fc965d Credits Bob Matyas Required...

WordPress Donation Block For PayPal Plugin <= 2.1.0 is vulnerable to Cross Site Scripting (XSS)

Software Donation Block For PayPal Type Plugin Vulnerable versions = 2.1.0 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-6021 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 49c1f9f09af2 Credits Bob Matyas...