CVE-2025-52931 Unexpected input to Update Channel Subscription endpoint causes DoS in Mattermost Confluence Plugin

Mattermost Confluence Plugin version 1.5.0 fails to handle unexpected request body which allows attackers to crash the plugin via constant hit to update channel subscription endpoint with an invalid request body...

CVE-2025-49965 WordPress PixelBeds Channel Manager and Hotel Booking Engine plugin <= 1.0 - Cross Site Request Forgery (CSRF) Vulnerability

Cross-Site Request Forgery CSRF vulnerability in Oganro PixelBeds Channel Manager and Hotel Booking Engine allows Cross Site Request Forgery. This issue affects PixelBeds Channel Manager and Hotel Booking Engine: from n/a through 1.0...

WordPress YITH PayPal Express Checkout for WooCommerce plugin <= 1.49.0 - Cross Site Request Forgery (CSRF) vulnerability

Cross Site Request Forgery CSRF vulnerability discovered by Nguyen Xuan Chien Patchstack Alliance in WordPress Plugin YITH PayPal Express Checkout for WooCommerce versions = 1.49.0...

CVE-2023-47240

Auth. contributor+ Stored Cross-Site Scripting XSS vulnerability in Codeboxr CBX Map for Google Map & OpenStreetMap plugin = 1.1.11 versions...

CVE-2025-30887 WordPress WpEvently Plugin <= 4.2.9 - Broken Access Control vulnerability

Missing Authorization vulnerability in magepeopleteam WpEvently mage-eventpress allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WpEvently: from n/a through = 4.2.9...

WordPress plugin EmbedSocial security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security...

WordPress Gianism plugin < 5.2.1 - Admin+ Stored XSS vulnerability

Admin+ Stored XSS vulnerability discovered by Felipe Restrepo Rodriguez, Mateo Gutierrez Gomez in WordPress Plugin Gianism versions 5.2.1...