WordPress Add Code To Head plugin <= 1.17 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Bao - BlueRock in WordPress Plugin Add Code To Head versions = 1.17...

WordPress LatestCheckins plugin <= 1 - Cross-Site Request Forgery to Stored Cross-Site Scripting vulnerability

Cross-Site Request Forgery to Stored Cross-Site Scripting vulnerability discovered by johska in WordPress Plugin LatestCheckins versions = 1...

WordPress Blocksy Theme <= 2.1.6 is vulnerable to Cross Site Scripting (XSS)

Software Blocksy Type Theme Vulnerable versions = 2.1.6 Fixed in 2.1.7 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2025-55713 Patch priority Low CVSS severity Low 5.9 Developer Creative Themes PSID 05f50ffb9258 Credits savphill Required privilege Shop manager...

WordPress HT Mega plugin <= 2.9.1 - Authenticated (Author+) Sensitive Information Exposure vulnerability

Authenticated Author+ Sensitive Information Exposure vulnerability discovered by wesley wcraft in WordPress Plugin HT Mega versions = 2.9.1...

WordPress PowerPress Podcasting plugin <= 11.9.17 - Authenticated (Author+) Stored Cross-Site Scripting vulnerability

Authenticated Author+ Stored Cross-Site Scripting vulnerability discovered by Krugov Artyom in WordPress Plugin PowerPress Podcasting versions = 11.9.17...

WordPress Download Manager plugin <= 3.2.98 - Admin+ Stored XSS vulnerability

Admin+ Stored XSS vulnerability discovered by Dmitrii Ignatyev in WordPress Plugin Download Manager versions = 3.2.98...

WordPress WP Content Copy Protection & No Right Click (premium) plugin <= 15.0 - Admin+ Stored XSS vulnerability

Admin+ Stored XSS vulnerability discovered by Bob Matyas in WordPress Plugin WP Content Copy Protection & No Right Click premium versions = 15.0...

WordPress Easyfonts plugin <= 1.1.2 - Cross Site Request Forgery (CSRF) vulnerability

Cross Site Request Forgery CSRF vulnerability discovered by Nguyen Thi Huyen Trang - Skalucy in WordPress Plugin Easyfonts versions = 1.1.2...

WordPress Advanced Woo Labels Plugin <= 2.01 is vulnerable to Cross Site Scripting (XSS)

Software Advanced Woo Labels Type Plugin Vulnerable versions = 2.01 Fixed in 2.02 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-47622 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 9dc287c181e2 Credits savphill Required privilege...

WordPress JS Help Desk – Best Help Desk & Support Plugin Plugin <= 2.7.7 is vulnerable to Insecure Direct Object References (IDOR)

Software JS Help Desk – Best Help Desk & Support Plugin Type Plugin Vulnerable versions = 2.7.7 Fixed in 2.7.8 OWASP Top 10 A5: Broken Access Control Classification Insecure Direct Object References IDOR CVE CVE-2023-23679 Patch priority Low CVSS severity Low 4.6 Developer Claim ownership PSID...

WordPress Youtube shortcode Plugin <= 1.8.5 is vulnerable to Cross Site Scripting (XSS)

Software Youtube shortcode Type Plugin Vulnerable versions = 1.8.5 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-23687 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID c5d93f87872c Credits István Márton Required...