CVE-2025-63005 WordPress WordPress Tooltips plugin <= 10.7.9 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Tomas WordPress Tooltips allows Stored XSS.This issue affects WordPress Tooltips: from n/a through 10.7.9...

WordPress Pagelayer plugin < 1.8.8 - Admin+ Stored XSS vulnerability

Admin+ Stored XSS vulnerability discovered by Jeewan Kumar Bhatta in WordPress Plugin PageLayer versions 1.8.8...

WordPress Lexicata plugin <= 1.0.16 - Reflected Cross-Site Scripting vulnerability

Reflected Cross-Site Scripting vulnerability discovered by 0xd4rk5id3 - EnvoraSec in WordPress Plugin Lexicata versions = 1.0.16...

WordPress ELEX WordPress HelpDesk & Customer Ticketing System plugin <= 3.3.4 - Unauthenticated Stored Cross-Site Scripting vulnerability

Unauthenticated Stored Cross-Site Scripting vulnerability discovered by Athiwat Tiprasaharn Jitlada in WordPress Plugin ELEX WordPress HelpDesk & Customer Ticketing System versions = 3.3.4...

WordPress plugin Locatoraid Store Locator 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin.... A cross-site...

WordPress Solidres plugin <= 0.9.4 - Reflected XSS vulnerability

Reflected XSS vulnerability discovered by Hassan Khan Yusufzai - Splint3r7 in WordPress Plugin Solidres – Hotel booking plugin versions = 0.9.4...

WordPress WP Job Portal plugin <= 2.2.6 - Insecure Direct Object Reference to Authenticated (Employer+) Arbitrary Job Deletion vulnerability

Insecure Direct Object Reference to Authenticated Employer+ Arbitrary Job Deletion vulnerability discovered by thevietronin - GalaxyOne in WordPress Plugin WP Job Portal versions = 2.2.6...

WordPress Widget4call plugin <= 1.0.7 - Reflected XSS vulnerability

Reflected XSS vulnerability discovered by Hassan Khan Yusufzai - Splint3r7 in WordPress Plugin Widget4Call versions = 1.0.7...

CVE-2025-62128

Technical details for CVE-2025-62128 are not provided in the supplied documents. No confirmed affected versions, impact, or mitigations are stated here. Monitor for updates from SiteLock, WordPress security advisories, or CVE databases for precise remediation guidance.

CVE-2025-69089

CVE-2025-69089 is a Stored XSS vulnerability affecting the WordPress plugin Auto Listings (Car Listings & Car Dealership Plugin). The Wordfence entry confirms authenticated attackers can exploit improper input handling in web page generation to trigger Stored Cross-Site Scripting, impacting Auto ...

CVE-2025-68998 WordPress Heateor Social Login plugin <= 1.1.39 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery CSRF vulnerability in Heateor Support Heateor Social Login heateor-social-login allows Cross Site Request Forgery.This issue affects Heateor Social Login: from n/a through = 1.1.39...

CVE-2025-68998 WordPress Heateor Social Login plugin <= 1.1.39 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery CSRF vulnerability in Heateor Support Heateor Social Login heateor-social-login allows Cross Site Request Forgery.This issue affects Heateor Social Login: from n/a through = 1.1.39...

CVE-2025-69007 WordPress Popping Sidebars and Widgets Light plugin <= 1.27 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in OTWthemes Popping Sidebars and Widgets Light popping-sidebars-and-widgets-light allows Stored XSS.This issue affects Popping Sidebars and Widgets Light: from n/a through = 1.27...

CVE-2025-23554 WordPress Off Page SEO plugin <= 3.0.3 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Jakub Glos Off Page SEO off-page-seo allows Reflected XSS.This issue affects Off Page SEO: from n/a through = 3.0.3...

CVE-2025-23469 WordPress Sleekplan plugin <= 0.2.0 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Sleekplan allows Reflected XSS.This issue affects Sleekplan: from n/a through 0.2.0...

CVE-2025-68860 WordPress Mobile builder plugin <= 1.4.2 - Broken Authentication vulnerability

Authentication Bypass Using an Alternate Path or Channel vulnerability in Mobile Builder Mobile builder mobile-builder allows Authentication Abuse.This issue affects Mobile builder: from n/a through = 1.4.2...

CVE-2025-68879 WordPress Content Grid Slider plugin <= 1.5 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in councilsoft Content Grid Slider content-grid-slider allows Reflected XSS.This issue affects Content Grid Slider: from n/a through = 1.5...

WordPress Visitor Stats Widget plugin <= 1.5.0 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting XSS vulnerability discovered by Nguyen Xuan Chien in WordPress Plugin Visitor Stats Widget versions = 1.5.0...

WordPress Quiz Maker 6.7.0.56 - SQL Injection

Exploit Title: WordPress Quiz Maker 6.7.0.56 - SQL Injection Date: 2025-12-16 Exploit Author: Rahul Sreenivasan Tr0j4n Vendor Homepage: https://ays-pro.com/wordpress/quiz-maker Software Link: https://wordpress.org/plugins/quiz-maker/ Version: = 6.7.0.56 Tested on: WordPress 6.x with Quiz Maker...

CVE-2025-68605 WordPress Post Grid and Gutenberg Blocks plugin <= 2.3.23 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in PickPlugins Post Grid and Gutenberg Blocks post-grid allows Stored XSS.This issue affects Post Grid and Gutenberg Blocks: from n/a through = 2.3.23...