1698 matches found
CVE-2025-24626 WordPress Music Store – WordPress eCommerce Plugin <= 1.1.19 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in codepeople Music Store music-store allows Reflected XSS. This issue affects Music Store: from n/a through <= 1.1.19...
CVE-2025-24537 WordPress The Events Calendar plugin <= 6.7.0 - Cross Site Request Forgery (CSRF) vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in StellarWP The Events Calendar the-events-calendar allows Cross Site Request Forgery. This issue affects The Events Calendar: from n/a through <= 6.7.0...
WordPress plugin Morkva UA Shipping security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...
PT-2025-1988 · WordPress · Dyn Business Panel
Name of the Vulnerable Software and Affected Versions: Dyn Business Panel WordPress plugin version 1.0.0 Description: The issue arises from the plugin not sanitizing and escaping a parameter before outputting it back in the page. This leads to a Reflected Cross-Site Scripting that could be used...
CVE-2024-13562
The Import WP – Export and Import CSV and XML files to WordPress plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.14.5 via the uploads directory. This makes it possible for unauthenticated attackers to extract sensitive data stored...
WordPress plugin Connections Business Directory path traversal vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A path traversal...
CVE-2025-24746 WordPress Popup Maker plugin <= 1.20.2 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Daniel Iser Popup Maker popup-maker allows Stored XSS. This issue affects Popup Maker: from n/a through <= 1.20.2...
CVE-2025-24712
CVE-2025-24712: Radius Blocks (WordPress Gutenberg Blocks) is affected in versions up to and including 2.1.2. A Cross-Site Request Forgery (CSRF) vulnerability could allow unauthorized actions on a user’s account. The provided data confirms the CSRF root cause and affected rang...
CVE-2025-24659 WordPress Premium Packages – Sell Digital Products Securely plugin <= 5.9.6 - SQL Injection vulnerability
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Shahjada WPDM – Premium Packages wpdm-premium-packages allows Blind SQL Injection. This issue affects WPDM – Premium Packages: from n/a through <= 5.9.6...
CVE-2025-24634
CVE-2025-24634 affects the Orbisius Simple Notice WordPress plugin (versions ≤ 1.1.3). It is a Stored XSS due to improper input neutralization during web page generation. CVSS 3.1 base score 5.9 (AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L). Connected sources indicate patching in version 1.1.3 (patched),...
CVE-2024-13409
The Post Grid, Slider & Carousel Ultimate – with Shortcode, Gutenberg Block & Elementor Widget plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.6.10 via the 'theme' parameter of the posttypeajaxhandler function. This makes it possible for...
CVE-2025-23734 WordPress Gigaom Sphinx plugin <= 0.1 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Casey Bisson Gigaom Sphinx go-sphinx allows Reflected XSS. This issue affects Gigaom Sphinx: from n/a through <= 0.1...
CVE-2025-23629 WordPress Gallerio plugin <= 1.0.1 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Subhasis Laha Gallerio gallerio allows Reflected XSS. This issue affects Gallerio: from n/a through <= 1.0.1...
CVE-2025-22768
CVE-2025-22768 – CSRF in the Rocket Media Library Mime Type WordPress plugin enables Stored XSS in versions up to 2.1.0. CVSS v3.1 base score 7.1 (HIGH). Exploitation details are not provided in the connected documents; remediation details in the sources indicate a fix beyond 2.1.0, but the exact...
CVE-2025-23541 WordPress Download, Downloads plugin <= 1.4.2 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in edmon.parker Download, Downloads ydn-download allows Reflected XSS. This issue affects Download, Downloads: from n/a through <= 1.4.2...
GHSA-QJW6-XVRM-5F2H Bitbucket Server Integration Plugin allows bypassing CSRF protection for any URL
An extension point in Jenkins allows selectively disabling cross-site request forgery (CSRF) protection for specific URLs. Bitbucket Server Integration Plugin implements this extension point to support OAuth 1.0 authentication. In Bitbucket Server Integration Plugin 2.1.0 through 4.1.3 both inclusi...
CVE-2025-23874 WordPress WP Block Pack plugin <= 1.1.6 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in FalconTheme Team WP Block Pack wp-block-pack allows Reflected XSS. This issue affects WP Block Pack: from n/a through <= 1.1.6...
CVE-2025-23603 WordPress Group category creator plugin <= 1.3.0.3 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in MohammadJafar Khajeh Group category creator group-category-creator allows Reflected XSS. This issue affects Group category creator: from n/a through <= 1.3.0.3...
CVE-2025-23495 WordPress WooCommerce Order Search plugin <= 1.1.0 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Chetan Khandla WooCommerce Order Search woocommerce-order-searching allows Reflected XSS. This issue affects WooCommerce Order Search: from n/a through <= 1.1.0...
WordPress AI Power: Complete AI Pack plugin <= 1.8.96 - Authenticated (Subscriber+) Server-Side Request Forgery vulnerability
Authenticated (Subscriber+) Server-Side Request Forgery vulnerability discovered by shaman0x01 in WordPress Plugin GPT3 AI Content Writer versions <= 1.8.96...