CVE-2024-11924 Email Subscribers < 5.7.52 - Admin+ Stored XSS

The Icegram Express formerly known as Email Subscribers WordPress plugin before 5.7.52 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for...

CVE-2024-10680

The Form Maker by 10Web WordPress plugin before 1.15.32 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

CVE-2024-13610

The Simple Social Media Share Buttons WordPress plugin before 6.0.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite...

CVE-2024-13207 Widget for Social Page Feeds < 6.4.2 - Admin+ Stored XSS

The Widget for Social Page Feeds WordPress plugin before 6.4.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setu...

CVE-2025-3064

The WPFront User Role Editor plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.2.1. This is due to missing or incorrect nonce validation on the whitelistoptions function. This makes it possible for unauthenticated attackers to update the...

CVE-2025-3064 WPFront User Role Editor <= 4.2.1 - Cross-Site Request Forgery to Privilege Escalation via whitelist_options Function

The WPFront User Role Editor plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.2.1. This is due to missing or incorrect nonce validation on the whitelistoptions function. This makes it possible for unauthenticated attackers to update the...

CVE-2025-3064

CVE-2025-3064 : WordPress plugin WPFront User Role Editor (affected versions up to 4.2.1) is vulnerable to Cross-Site Request Forgery due to missing/incorrect nonce validation in whitelist_options(). This allows unauthenticated attackers to update the default role option, enabling privilege escal...

PT-2025-15409 · Wpfront · Wpfront User Role Editor

Name of the Vulnerable Software and Affected Versions: WPFront User Role Editor versions up to 4.2.1 Description: The issue is related to Cross-Site Request Forgery, caused by missing or incorrect nonce validation in the whitelist options function. This allows unauthenticated attackers to update...

CVE-2025-31436

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Angelo Mandato Blubrry PowerPress Podcasting plugin MultiSite add-on powerpress-multisite allows Reflected XSS.This issue affects Blubrry PowerPress Podcasting plugin MultiSite add-on: from n/a...

CVE-2025-31436 WordPress Blubrry PowerPress Podcasting plugin MultiSite add-on plugin <= 0.1.1 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Angelo Mandato Blubrry PowerPress Podcasting plugin MultiSite add-on powerpress-multisite allows Reflected XSS.This issue affects Blubrry PowerPress Podcasting plugin MultiSite add-on: from n/a...

CVE-2025-31436 WordPress Blubrry PowerPress Podcasting plugin MultiSite add-on plugin <= 0.1.1 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Angelo Mandato Blubrry PowerPress Podcasting plugin MultiSite add-on allows Reflected XSS. This issue affects Blubrry PowerPress Podcasting plugin MultiSite add-on: from n/a through 0.1.1...

PT-2025-14086 · WordPress · Groundhogg

Name of the Vulnerable Software and Affected Versions: Groundhogg plugin for Wordpress versions up to, and including, 3.7.4.1 Description: The issue is related to Stored Cross-Site Scripting via the label parameter due to insufficient input sanitization and output escaping. This allows...

CVE-2025-31090

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in alordiel Dropdown Multisite selector dropdown-multisite-selector allows Stored XSS.This issue affects Dropdown Multisite selector: from n/a through 0.9.4...

WordPress Dropdown Multisite selector plugin < 0.9.4 - Cross Site Scripting (XSS) Vulnerability

Cross Site Scripting XSS Vulnerability discovered by muhammad yudha in WordPress Plugin Dropdown Multisite selector versions 0.9.4...

CVE-2025-31090

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in alordiel Dropdown Multisite selector dropdown-multisite-selector allows Stored XSS.This issue affects Dropdown Multisite selector: from n/a through 0.9.4...

CVE-2025-31090 WordPress Dropdown Multisite selector < 0.9.4 - Cross Site Scripting (XSS) Vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in alordiel Dropdown Multisite selector allows Stored XSS. This issue affects Dropdown Multisite selector: from n/a through n/a...

CVE-2025-31090 WordPress Dropdown Multisite selector plugin < 0.9.4 - Cross Site Scripting (XSS) Vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in alordiel Dropdown Multisite selector dropdown-multisite-selector allows Stored XSS.This issue affects Dropdown Multisite selector: from n/a through 0.9.4...

CVE-2025-31090

CVE-2025-31090 affects the Dropdown Multisite selector component. The issue is an improper input neutralization during web page generation, allowing a Stored Cross-Site Scripting (XSS) vulnerability. Affected versions are earlier than 0.9.4 for the Dropdown Multisite selector. The CVSSv3.1 base s...

WordPress plugin Dropdown Multisite selector 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...

CVE-2024-12682

The Smart Maintenance Mode WordPress plugin before 1.5.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...