3476 matches found

Cvelist
added 2025/09/09 6:0 a.m. | 6 views

CVE-2025-9111 WPBOT < 7.1.0 - Admin+ Stored XSS

The AI ChatBot for WordPress WordPress plugin before 7.1.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)...

EPSS 0.00241
Exploits: 1 | References: 1

CVE
added 2025/09/09 6:0 a.m. | 15 views

CVE-2025-9111

The CVE-2025-9111 entry applies to the WordPress plugin “AI ChatBot for WordPress” (WPBOT) versions before 7.1.0. The issue is a failure to sufficiently sanitise and escape some settings, which could allow stored XSS by high-privilege users (e.g., admins), even when unfiltered_html is disallowed ...

CVSS 3.5 | AI score 4.9 | EPSS 0.00241
Exploits: 1 | References: 1 | Affected Software: 1

Vulnrichment
added 2025/09/09 6:0 a.m. | 4 views

CVE-2025-9111 WPBOT < 7.1.0 - Admin+ Stored XSS

The AI ChatBot for WordPress WordPress plugin before 7.1.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)...

AI score 4.9 | EPSS 0.00241
Exploits: 1 | References: 1

CVE
added 2025/09/09 6:0 a.m. | 14 views

CVE-2025-8889

CVE-2025-8889 affects the WordPress plugin Compress & Upload (versions prior to 1.0.5). The root cause is inadequate validation of uploaded files, allowing high-privilege users (e.g., admin) to upload arbitrary files on the server (including in multisite setups). Exploitation details indicate...

CVSS 3.8 | AI score 6.5 | EPSS 0.00265
Exploits: 2 | References: 1 | Affected Software: 1

Cvelist
added 2025/09/09 6:0 a.m. | 10 views

CVE-2025-8889 Compress Then Upload < 1.0.5 - Admin+ Arbitrary File Upload

The Compress & Upload WordPress plugin before 1.0.5 does not properly validate uploaded files, allowing high privilege users such as admin to upload arbitrary files on the server even when they should not be allowed to (for example in multisite setup)...

EPSS 0.00265
Exploits: 2 | References: 1

Vulnrichment
added 2025/09/09 6:0 a.m. | 10 views

CVE-2025-8889 Compress Then Upload < 1.0.5 - Admin+ Arbitrary File Upload

The Compress & Upload WordPress plugin before 1.0.5 does not properly validate uploaded files, allowing high privilege users such as admin to upload arbitrary files on the server even when they should not be allowed to (for example in multisite setup)...

AI score 6.5 | EPSS 0.00265
Exploits: 2 | References: 1

Positive Technologies
added 2025/09/09 12:0 a.m. | 7 views

PT-2025-36576

Name of the Vulnerable Software and Affected Versions: Compress & Upload WordPress plugin versions prior to 1.0.5
Description: The Compress & Upload WordPress plugin does not properly validate uploaded files, allowing high privilege users, such as administrators, to upload arbitrary files to the...

CVSS 3.8 | AI score 5.9 | EPSS 0.00265
Exploits: 2 | References: 7

NVD
added 2025/09/03 6:15 a.m. | 4 views

CVE-2023-3666

The Sticky Side Buttons WordPress plugin before 2.0.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)...

CVSS 3.3 | EPSS 0.00194
Exploits: 1 | References: 1

Cvelist
added 2025/09/03 6:0 a.m. | 11 views

CVE-2023-3666 Sticky Side Buttons < 2.0.0 - Admin+ Stored XSS

The Sticky Side Buttons WordPress plugin before 2.0.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)...

EPSS 0.00194
Exploits: 1 | References: 1

CVE
added 2025/09/03 6:0 a.m. | 12 views

CVE-2023-3666

CVE-2023-3666 affects the Sticky Side Buttons WordPress plugin prior to version 2.0.0. The issue is Stored XSS caused by insufficient sanitisation/escaping of certain settings, potentially exploitable by high-privilege users (e.g., admins) even when unfiltered_html is disallowed (e.g., multisite)...

CVSS 3.3 | AI score 4.9 | EPSS 0.00194
Exploits: 1 | References: 1 | Affected Software: 1

RedhatCVE
added 2025/09/02 5:40 a.m. | 2 views

CVE-2025-5083

The Amministrazione Trasparente plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 9.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level...

CVSS 5.5 | AI score 5 | EPSS 0.00239
Exploits: 0 | References: 1

NVD
added 2025/08/31 5:15 a.m. | 2 views

CVE-2025-5083

The Amministrazione Trasparente plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 9.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level...

CVSS 5.5 | EPSS 0.00239
Exploits: 0 | References: 5

Vulnrichment
added 2025/08/31 4:25 a.m. | 1 view

CVE-2025-5083 Amministrazione Trasparente <= 9.0 - Authenticated (Administrator+) Stored Cross-Site Scripting via print_r Function

The Amministrazione Trasparente plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 9.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level...

CVSS 5.5 | AI score 4.6 | EPSS 0.00239
Exploits: 0 | References: 5

CVE
added 2025/08/31 4:25 a.m. | 14 views

CVE-2025-5083

The CVE-2025-5083 issue affects the WordPress Amministrazione Trasparente plugin, vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to 9.0 due to insufficient input sanitization and output escaping. The vulnerability requires authenticated attackers with administrato...

CVSS 5.5 | AI score 4.6 | EPSS 0.00239
Exploits: 0 | References: 5

Positive Technologies
added 2025/08/31 12:0 a.m. | 2 views

PT-2025-35389

Name of the Vulnerable Software and Affected Versions: Amministrazione Trasparente plugin for WordPress versions prior to 9.1
Description: The Amministrazione Trasparente plugin for WordPress is susceptible to Stored Cross-Site Scripting via admin settings due to insufficient input sanitization a...

CVSS 5.5 | AI score 5 | EPSS 0.00239
Exploits: 0 | References: 10

RedhatCVE
added 2025/08/30 6:18 p.m. | 7 views

CVE-2025-8490

The All-in-One WP Migration and Backup plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Import in all versions up to, and including, 7.97 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-lev...

CVSS 4.4 | AI score 5 | EPSS 0.00177
Exploits: 0 | References: 1

Patchstack
added 2025/08/29 7:6 a.m. | 5 views

WordPress MultiSite Clone Duplicator plugin <= 1.5.3 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting (XSS) vulnerability discovered by Ananda Dhakal (Patchstack) in WordPress Plugin MultiSite Clone Duplicator versions <= 1.5.3...

CVSS 6.1 | AI score 6.1 | EPSS 0.0023
Exploits: 0 | Affected Software: 1

NVD
added 2025/08/27 12:15 a.m. | 3 views

CVE-2025-8490

The All-in-One WP Migration and Backup plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Import in all versions up to, and including, 7.97 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-lev...

CVSS 4.4 | EPSS 0.00177
Exploits: 0 | References: 2

Tenable Nessus
added 2025/08/27 12:0 a.m. | 6 views

Linux Distros Unpatched Vulnerability : CVE-2020-28033

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - WordPress before 5.5.2 mishandles embeds from disabled sites on a multisite network, as demonstrated by allowing a spam embed. CVE-2020-28033 Note that Nessus...

CVSS 7.5 | AI score 7.4 | EPSS 0.02622
Exploits: 0 | References: 2

Cvelist
added 2025/08/26 11:22 p.m. | 8 views

CVE-2025-8490 All-in-One WP Migration and Backup <= 7.97 - Authenticated (Administrator+) Stored Cross-Site Scripting via Import

The All-in-One WP Migration and Backup plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Import in all versions up to, and including, 7.97 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-lev...

CVSS 4.4 | EPSS 0.00177
Exploits: 0 | References: 2