16 matches found
WordPress plugin AhaChat Messenger Marketing has a security vulnerability
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...
EUVD-2023-59376
Malicious code in bioql PyPI...
CVE-2025-58242 WordPress Bg Church Memos Plugin <= 1.1 - Cross Site Scripting (XSS) Vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Vadim Bogaiskov Bg Church Memos bg-church-memos allows DOM-Based XSS. This issue affects Bg Church Memos: from n/a through <= 1.1...
WordPress plugin davaxi Goracash Cross-Site Scripting Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers. WordPress plugin is an application plugin. A cross-site scripting...
CVE-2023-35778
Cross-Site Request Forgery (CSRF) vulnerability in Neha Goel Recent Posts Slider plugin = 1.1 versions...
CVE-2025-32518 WordPress ALD Login Page plugin <= 1.1 - CSRF to Stored XSS vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in hossainawlad ALD Login Page allows Stored XSS. This issue affects ALD Login Page: from n/a through 1.1...
WordPress UniTimetable plugin <= 1.1 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting (XSS) vulnerability discovered by SOPROBRO (Patchstack Alliance) in WordPress Plugin UniTimetable versions <= 1.1...
CVE-2025-23871
CVE-2025-23871 is a CSRF vulnerability in the LSD Google Maps Embedder. Public description indicates it affects versions up to 1.1, but the connected Red Hat entry only reiterates the CSRF issue without listing an available patch or fixed version. No exploits, mitigation steps, or precise remedia...
WordPress plugin Winning Portfolio Cross-Site Scripting Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting...
CVE-2025-22502
CVE-2025-22502 describes an SQL Injection vulnerability in Mindvalley MindValley Super PageMash. The initial description states an improper neutralization of special elements used in SQL commands, enabling injection. The vulnerability is linked to MindValley Super PageMash versions from n/a up to...
WordPress Chative Live chat and Chatbot plugin <= 1.1 - Cross-Site Request Forgery via add_chative_widget_action Function vulnerability
Cross-Site Request Forgery via add_chative_widget_action Function vulnerability discovered by Peter Thaleikis in WordPress Plugin Chative Live chat and Chatbot versions <= 1.1...
CVE-2024-54433
CVE-2024-54433 describes a CSRF vulnerability in the Simple Booking Widget that can lead to stored XSS. Affected software is Simple Booking Widget (version range from n/a through 1.1). Connected sources confirm the issue and indicate patch status as Unpatched; no public exploitation status is pro...
CVE-2024-54439
CVE-2024-54439 is a CSRF to Stored XSS vulnerability in the Amazon Product Price WordPress plugin. Affected software: Amazon Product Price (WordPress). Reported issue links indicate CSRF could trigger Stored XSS, enabling execution of arbitrary scripts in victim sessions. CVSSv3.1 base score 7.1 ...
CVE-2024-4289
The Sailthru Triggermail WordPress plugin through 1.1 does not sanitise and escape various parameters before outputting them back in pages and attributes, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...
CVE-2023-25781
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Sebastian Krysmanski Upload File Type Settings plugin = 1.1 versions...
WordPress VideoWhisper Video Presentation plugin <= 1.1 - SQL Injection Vulnerability
No description provided by source. Exploit Title: WordPress VideoWhisper Video Presentation plugin <= 1.1 SQL Injection Vulnerability Date: 2011-09-02 Author: Miroslav Stampar miroslav.stamparatgmail.com @stamparm Software Link:...