CVE-2025-68590 WordPress Integration for Contact Form 7 HubSpot plugin <= 1.4.2 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in CRM Perks Integration for Contact Form 7 HubSpot cf7-hubspot allows Blind SQL Injection.This issue affects Integration for Contact Form 7 HubSpot: from n/a through = 1.4.2...

CVE-2025-68567

Technical details for CVE-2025-68567 are not provided in the supplied connected documents. Public disclosure/updates should be monitored for the affected plugin (my-auctions-allegro-free-edition). No vendor/product specifics beyond the description are available here.

CVE-2025-67631 WordPress Gift Hunt plugin <= 2.0.2 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Ecommerce Platforms Gift Hunt gift-hunt allows Stored XSS.This issue affects Gift Hunt: from n/a through = 2.0.2...

CVE-2025-67625 WordPress Trade Runner plugin <= 3.14 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery CSRF vulnerability in tmtraderunner Trade Runner traderunner allows Cross Site Request Forgery.This issue affects Trade Runner: from n/a through = 3.14...

CVE-2023-32120

CVE-2023-32120 affects the WordPress plugin Hostel. The issue is an XSS vulnerability caused by improper neutralization of input during web page generation, enabling DOM-based XSS in affected versions up to 1.1.5.1. A fix is available in version 1.1.5.2. Multiple connected sources corroborate thi...

CVE-2025-68563 WordPress Subscribe to Unlock Lite plugin <= 1.3.0 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in WP Shuffle Subscribe to Unlock Lite subscribe-to-unlock-lite allows PHP Local File Inclusion.This issue affects Subscribe to Unlock Lite: from n/a through = 1.3.0...

WordPress plugin Twitch Player 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security vulnerabili...

WordPress WooMulti plugin <= 1.7 - Authenticated (Subscriber+) Arbitrary File Deletion vulnerability

Authenticated Subscriber+ Arbitrary File Deletion vulnerability discovered by Khaled Alenazi Nxploited in WordPress Plugin WooMulti versions = 1.7...

CVE-2025-14734

CVE-2025-14734 concerns the Amazon affiliate lite Plugin for WordPress. The vulnerability is a Cross-Site Request Forgery (CSRF) affecting all versions up to 1.0.0, caused by missing or incorrect nonce validation in the ADAL_settings_page function. This enables unauthenticated attackers to update...

CVE-2025-63043 WordPress Post Grid and Gutenberg Blocks plugin <= 2.3.23 - Insecure Direct Object References (IDOR) vulnerability

Authorization Bypass Through User-Controlled Key vulnerability in PickPlugins Post Grid and Gutenberg Blocks post-grid allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Post Grid and Gutenberg Blocks: from n/a through = 2.3.23...

CVE-2025-60089

Deserialization of Untrusted Data vulnerability in CRM Perks WP Gravity Forms FreshDesk Plugin gf-freshdesk allows Object Injection.This issue affects WP Gravity Forms FreshDesk Plugin: from n/a through = 1.3.5...

CVE-2025-67546 WordPress WP ERP plugin <= 1.16.6 - Sensitive Data Exposure vulnerability

Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in weDevs WP ERP erp allows Retrieve Embedded Sensitive Data.This issue affects WP ERP: from n/a through = 1.16.6...

CVE-2025-60182 WordPress Support Board plugin < 3.8.7 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Schiocco Support Board supportboard allows Reflected XSS.This issue affects Support Board: from n/a through 3.8.7...

CVE-2025-60178 WordPress WP Gravity Forms HubSpot plugin <= 1.2.6 - Deserialization of untrusted data vulnerability

Deserialization of Untrusted Data vulnerability in CRM Perks WP Gravity Forms HubSpot gf-hubspot allows Object Injection.This issue affects WP Gravity Forms HubSpot: from n/a through = 1.2.6...

CVE-2025-6324

CVE-2025-6324 concerns a DOM-based XSS in the WordPress plugin “Easy Invoice” (MatrixAddons Easy Invoice), affecting versions from unknown start through 2.0.9. The vulnerability is described as improper neutralization of input during web page generation, enabling cross-site scripting. Multiple co...

CVE-2025-60090 WordPress WP Gravity Forms Insightly plugin <= 1.1.6 - Deserialization of untrusted data vulnerability

Deserialization of Untrusted Data vulnerability in CRM Perks WP Gravity Forms Insightly gf-insightly allows Object Injection.This issue affects WP Gravity Forms Insightly: from n/a through = 1.1.6...

CVE-2025-60078 WordPress Task Manager plugin <= 3.0.2 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Agence web Eoxia – Montpellier Task Manager task-manager allows PHP Local File Inclusion.This issue affects Task Manager: from n/a through = 3.0.2...

WordPress plugin Post Grid and Gutenberg Blocks 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security vulnerabili...

WordPress plugin WP Gravity Forms HubSpot 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform has the ability to set up personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security...

CVE-2025-67912

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Premio Stars Testimonials stars-testimonials-with-slider-and-masonry-grid allows Stored XSS.This issue affects Stars Testimonials: from n/a through = 3.3.4...