1698 matches found

Positive Technologies
added 2025/02/18 12:0 a.m. · 2 views

PT-2025-6572 · WordPress · Cats Job Listings

Name of the Vulnerable Software and Affected Versions: CATS Job Listings plugin for WordPress versions up to and including 2.0.9 Description: The issue is related to Stored Cross-Site Scripting via the plugin's 'catsone' shortcode due to insufficient input sanitization and output escaping on...

CVSS 6.4 · AI score 8 · EPSS 0.00114
Exploits 0 · References 7

CNNVD
added 2025/02/18 12:0 a.m. · 1 views

WordPress plugin Mortgage Calculator / Loan Calculator Cross-Site Scripting Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting vulnerabili...

CVSS 6.4 · AI score 8.3 · EPSS 0.00132
Exploits 0 · References 3

OpenVAS
added 2025/02/17 12:0 a.m. · 10 views

WordPress Popup Builder Plugin < 4.2.6 Authenticated (Admin+) SSRF Vulnerability

The WordPress plugin SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:sygnoos:popupbuilder"; if description...

CVSS 7.5 · AI score 7 · EPSS 0.00328
Exploits 2 · References 1

Cvelist
added 2025/02/16 10:17 p.m. · 14 views

CVE-2025-26766 WordPress Leyka plugin <= 3.31.8 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in VaultDweller Leyka leyka allows Stored XSS. This issue affects Leyka: from n/a through <= 3.31.8...

CVSS 6.5 · EPSS 0.00088
Exploits 0 · References 1

Vulnrichment
added 2025/02/16 10:17 p.m. · 5 views

CVE-2025-22284 WordPress LTL Freight Quotes – Unishippers Edition plugin <= 2.5.8 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in enituretechnology LTL Freight Quotes – Unishippers Edition allows Reflected XSS. This issue affects LTL Freight Quotes – Unishippers Edition: from n/a through 2.5.8...

CVSS 7.1 · AI score 7 · EPSS 0.00087
Exploits 0 · References 1

CNNVD
added 2025/02/15 12:0 a.m. · 2 views

WordPress plugin WP Project Manager Security Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...

CVSS 6.5 · AI score 7.7 · EPSS 0.00209
Exploits 0 · References 8

Vulnrichment
added 2025/02/14 12:44 p.m. · 5 views

CVE-2025-23431 WordPress Envato Affiliater plugin <= 1.2.4 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in NotFound Envato Affiliater allows Reflected XSS. This issue affects Envato Affiliater: from n/a through 1.2.4...

CVSS 7.1 · AI score 6.9 · EPSS 0.00112
Exploits 0 · References 1

Vulnrichment
added 2025/02/14 12:44 p.m. · 4 views

CVE-2025-23428 WordPress QMean plugin <= 2.0 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in NotFound QMean – WordPress Did You Mean allows Reflected XSS. This issue affects QMean – WordPress Did You Mean: from n/a through 2.0...

CVSS 7.1 · AI score 7 · EPSS 0.00112
Exploits 0 · References 1

Positive Technologies
added 2025/02/12 12:0 a.m. · 2 views

PT-2025-6456 · WordPress · Wp Job Board Pro

Name of the Vulnerable Software and Affected Versions: WP Job Board Pro plugin for WordPress versions up to, and including, 1.2.76 Description: The issue is related to privilege escalation due to the plugin allowing a user to supply the role field when registering, making it possible for...

CVSS 9.8 · AI score 9.7 · EPSS 0.00216
Exploits 0 · References 10

Patchstack
added 2025/02/11 10:49 p.m. · 2 views

WordPress Book a Room plugin <= 2.9 - Cross-Site Request Forgery to Settings Update vulnerability

Cross-Site Request Forgery to Settings Update vulnerability discovered by SOPROBRO in WordPress Plugin Book a Room versions <= 2.9...

CVSS 4.3 · AI score 6.9 · EPSS 0.00119
Exploits 0 · References 1 · Affected Software 1

Patchstack
added 2025/02/11 2:47 p.m. · 3 views

WordPress Widget Options Plugin <= 4.1.0 - Arbitrary Code Execution vulnerability

Arbitrary Code Execution vulnerability discovered by Tran Nguyen Bao Khanh in WordPress Plugin Widget Options versions <= 4.1.0...

CVSS 9.9 · AI score 7.3 · EPSS 0.00596
Exploits 0 · Affected Software 1

WPVulnDB
added 2025/02/11 12:0 a.m. · 12 views

360 Product Rotation <= 1.5.8 - Reflected XSS

Description The plugin does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against only unauthenticated users. PoC...

AI score 6 · EPSS 0.00269
Exploits 2

OpenVAS
added 2025/02/11 12:0 a.m. · 5 views

WordPress WPForms Contact Form Plugin <= 1.8.7.2 Unauthenticated Data Manipulation Vulnerability

The WordPress plugin SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:wpforms:contactform"; ifdescription...

CVSS 5.3 · AI score 5.3 · EPSS 0.00249
Exploits 0 · References 2

Cvelist
added 2025/02/07 10:11 a.m. · 10 views

CVE-2025-25146 WordPress Songkick Concerts and Festivals plugin <= 0.9.7 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery CSRF vulnerability in saleandro Songkick Concerts and Festivals songkick-concerts-and-festivals allows Cross Site Request Forgery. This issue affects Songkick Concerts and Festivals: from n/a through <= 0.9.7...

CVSS 4.3 · EPSS 0.00199
Exploits 0 · References 1

Cvelist
added 2025/02/07 10:11 a.m. · 11 views

CVE-2025-25072 WordPress WP Admin Custom Page plugin <= 1.5.0 - CSRF to Stored XSS vulnerability

Cross-Site Request Forgery CSRF vulnerability in thunderbax WP Admin Custom Page wp-admin-custom-page allows Stored XSS. This issue affects WP Admin Custom Page: from n/a through <= 1.5.0...

CVSS 7.1 · EPSS 0.00082
Exploits 0 · References 1

NVD
added 2025/02/06 7:15 a.m. · 10 views

CVE-2024-13487

The CURCY – Multi Currency for WooCommerce – The best free currency exchange plugin – Run smoothly on WooCommerce 9.x plugin for WordPress is vulnerable to arbitrary shortcode execution via the get_products_price function in all versions up to, and including, 2.2.5. This is due to the software...

CVSS 7.3 · EPSS 0.00251
Exploits 0 · References 4

Cvelist
added 2025/02/06 6:53 a.m. · 15 views

CVE-2024-13487 CURCY – Multi Currency for WooCommerce <= 2.2.5 - Unauthenticated Arbitrary Shortcode Execution via get_products_price Function

The CURCY – Multi Currency for WooCommerce – The best free currency exchange plugin – Run smoothly on WooCommerce 9.x plugin for WordPress is vulnerable to arbitrary shortcode execution via the get_products_price function in all versions up to, and including, 2.2.5. This is due to the software...

CVSS 7.3 · EPSS 0.00251
Exploits 0 · References 4

RedhatCVE
added 2025/02/06 12:6 a.m. · 6 views

CVE-2022-47603

Unauth. Reflected Cross-Site Scripting XSS vulnerability in wpdevart Gallery – Image and Video Gallery with Thumbnails plugin = 2.0.1 versions...

CVSS 7.1 · AI score 5.8 · EPSS 0.00314
Exploits 0

RedhatCVE
added 2025/02/05 10:28 p.m. · 5 views

CVE-2022-45084

Unauth. Reflected Cross-Site Scripting XSS vulnerability in Softaculous Loginizer plugin = 1.7.5 versions...

CVSS 7.1 · AI score 5.8 · EPSS 0.00199
Exploits 0 · References 1

RedhatCVE
added 2025/02/05 10:27 p.m. · 6 views

CVE-2022-45837

Reflected Cross-Site Scripting XSS vulnerability in Denis 微信机器人高级版 plugin = 6.0.1 versions...

CVSS 7.1 · AI score 5.8 · EPSS 0.00287
Exploits 0 · References 1