CVE-2025-12632

The RandomQuotr plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.0.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and...

CVE-2025-12019

The Featured Image plugin for WordPress is vulnerable to Stored Cross-Site Scripting via image metadata in all versions up to, and including, 2.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions an...

CVE-2025-12631

The Squirrels Auto Inventory plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.0.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level...

CVE-2025-12538

The Fleet Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 2.5.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with editor-level permissions and abov...

CVE-2025-12020

The Double the Donation – A workplace giving tool to help your fundraising efforts plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 3.0.0 due to insufficient input sanitization and output escaping. This makes it possible fo...

PT-2025-46568

Name of the Vulnerable Software and Affected Versions MembershipWorks – Membership, Events & Directory plugin for WordPress versions prior to 6.14 Description The plugin is susceptible to Stored Cross-Site Scripting through admin settings due to inadequate input sanitization and output escaping...

EUVD-2025-60964

The RandomQuotr plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.0.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and...

EUVD-2025-60938

The Squirrels Auto Inventory plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.0.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level...

EUVD-2025-60965

The Fleet Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 2.5.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with editor-level permissions and abov...

EUVD-2025-60953

The Double the Donation – A workplace giving tool to help your fundraising efforts plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 2.0.0 due to insufficient input sanitization and output escaping. This makes it possible fo...

EUVD-2025-60922

The Featured Image plugin for WordPress is vulnerable to Stored Cross-Site Scripting via image metadata in all versions up to, and including, 2.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions an...

CVE-2025-12632

The RandomQuotr plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.0.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and...

CVE-2025-12631

The Squirrels Auto Inventory plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.0.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level...

CVE-2025-12019

The Featured Image plugin for WordPress is vulnerable to Stored Cross-Site Scripting via image metadata in all versions up to, and including, 2.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions an...

CVE-2025-12020

The Double the Donation – A workplace giving tool to help your fundraising efforts plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 3.0.0 due to insufficient input sanitization and output escaping. This makes it possible fo...

CVE-2025-12019

CVE-2025-12019 affects the WordPress Featured Image plugin (versions up to 2.1). It is a Stored XSS via image metadata, requiring an authenticated attacker with administrator+ privileges, and applies to multi-site setups or sites with unfiltered_html disabled. The Wordfence report confirms the vu...

CVE-2025-12019 Featured Image <= 2.1 - Authenticated (Admin+) Stored Cross-Site Scripting

The Featured Image plugin for WordPress is vulnerable to Stored Cross-Site Scripting via image metadata in all versions up to, and including, 2.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions an...

CVE-2025-12019 Featured Image <= 2.1 - Authenticated (Admin+) Stored Cross-Site Scripting

The Featured Image plugin for WordPress is vulnerable to Stored Cross-Site Scripting via image metadata in all versions up to, and including, 2.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions an...

CVE-2025-12631 Squirrels Auto Inventory <= 1.0.3 - Authenticated (Admin+) Stored Cross-Site Scripting

The Squirrels Auto Inventory plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.0.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level...

CVE-2025-12631 Squirrels Auto Inventory <= 1.0.3 - Authenticated (Admin+) Stored Cross-Site Scripting

The Squirrels Auto Inventory plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.0.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level...