122 matches found
CVE-2025-13895
The Top Position Google Finance plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the $SERVER'PHPSELF' variable in all versions up to, and including, 0.1.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to...
CVE-2025-14128
The Stumble! for WordPress plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the $SERVER'PHPSELF' variable in all versions up to, and including, 1.1.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...
CVE-2025-14118
The Starred Review plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the PHPSELF variable in all versions up to, and including, 1.4.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web...
PT-2026-1722
Name of the Vulnerable Software and Affected Versions Top Position Google Finance versions up to and including 0.1.0 Description The Top Position Google Finance plugin for WordPress is susceptible to Reflected Cross-Site Scripting due to inadequate input sanitization and output escaping. This...
PT-2026-1707
Name of the Vulnerable Software and Affected Versions Shabat Keeper versions up to and including 0.4.4 Description The Shabat Keeper plugin for WordPress is susceptible to Reflected Cross-Site Scripting due to inadequate input sanitization and output escaping. This allows unauthenticated attacker...
CVE-2025-14127
The Testimonial Master plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the $SERVER'PHPSELF' variable in all versions up to, and including, 0.2.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...
WordPress WP Widget Changer plugin <= 1.2.5 - Reflected Cross-Site Scripting via $_SERVER['PHP_SELF'] vulnerability
Reflected Cross-Site Scripting via $SERVER'PHPSELF' vulnerability discovered by Abdulsamad Yusuf 0xVenus - Envorasec in WordPress Plugin WP Widget Changer versions = 1.2.5...
CVE-2025-14131 WP Widget Changer <= 1.2.5 - Reflected Cross-Site Scripting via $_SERVER['PHP_SELF']
The WP Widget Changer plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the $SERVER'PHPSELF' variable in all versions up to, and including, 1.2.5 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...
CVE-2025-14130 Post Like Dislike <= 1.0 - Reflected Cross-Site Scripting via $_SERVER['PHP_SELF']
The Post Like Dislike plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the $SERVER'PHPSELF' variable in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitra...
CVE-2025-14118
CVE-2025-14118 (Starred Review - WordPress) is a Reflected Cross-Site Scripting vulnerability in the Starred Review plugin for WordPress, affecting versions up to 1.4.2. The issue arises from insufficient input sanitization and output escaping around PHP_SELF, enabling unauthenticated attackers t...
CVE-2025-14118 Starred Review <= 1.4.2 - Reflected Cross-Site Scripting via PHP_SELF Variable
The Starred Review plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the PHPSELF variable in all versions up to, and including, 1.4.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web...
CVE-2025-14127 Testimonial Master <= 0.2.1 - Reflected Cross-Site Scripting via $_SERVER['PHP_SELF']
The Testimonial Master plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the $SERVER'PHPSELF' variable in all versions up to, and including, 0.2.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...
CVE-2025-14128
CVE-2025-14128 concerns the WordPress plugin Stumble! for WordPress . The vulnerability is a Reflected Cross-Site Scripting (XSS) flaw via the PHP_SELF variable exposed by the plugin in all versions up to 1.1.1. According to Wordfence’s weekly report, this flaw allows unauthenticated attackers to...
WordPress Simple AL Slider plugin <= 1.2.10 - Reflected Cross-Site Scripting via $_SERVER['PHP_SELF'] vulnerability
Reflected Cross-Site Scripting via $SERVER'PHPSELF' vulnerability discovered by Abdulsamad Yusuf 0xVenus - Envorasec in WordPress Plugin Simple AL Slider versions = 1.2.10...
CVE-2025-13624
The Overstock Affiliate Links plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the $SERVER'PHPSELF' parameter in all versions up to, and including, 1.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to injec...
CVE-2025-13624 Overstock Affiliate Links <= 1.1 - Reflected Cross-Site Scripting via $_SERVER['PHP_SELF']
The Overstock Affiliate Links plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the $SERVER'PHPSELF' parameter in all versions up to, and including, 1.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to injec...
CVE-2025-13624 Overstock Affiliate Links <= 1.1 - Reflected Cross-Site Scripting via $_SERVER['PHP_SELF']
The Overstock Affiliate Links plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the $SERVER'PHPSELF' parameter in all versions up to, and including, 1.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to injec...
CVE-2025-14138
The WPLG Default Mail From plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the $SERVER'PHPSELF' variable in all versions up to, and including, 1.0.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...
CVE-2025-14137
The Simple AL Slider plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the $SERVER'PHPSELF' variable in all versions up to, and including, 1.2.10 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...
WordPress 评论小秘书 plugin <= 1.3.2 - Reflected Cross-Site Scripting via $_SERVER['PHP_SELF'] vulnerability
Reflected Cross-Site Scripting via $SERVER'PHPSELF' vulnerability discovered by Abdulsamad Yusuf 0xVenus - Envorasec in WordPress Plugin 评论小秘书 versions = 1.3.2...