WordPress Client Invoicing by Sprout Invoices plugin <= 20.8.7 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Trương Hữu Phúc truonghuuphuc in WordPress Plugin Client Invoicing by Sprout Invoices versions = 20.8.7...

CVE-2025-62038 WordPress MeetingHub plugin <= 1.23.9 - Sensitive Data Exposure vulnerability

Insertion of Sensitive Information Into Sent Data vulnerability in Sovlix MeetingHub meetinghub allows Retrieve Embedded Sensitive Data.This issue affects MeetingHub: from n/a through = 1.23.9...

CVE-2025-60196 WordPress Clearblue® Ovulation Calculator plugin <= 1.2.4 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Clearblue Clearblue® Ovulation Calculator clearblue-ovulation-calculator allows PHP Local File Inclusion.This issue affects Clearblue® Ovulation Calculator: from n/a through =...

CVE-2025-58636

The CVE describes a Deserialization of Untrusted Data vulnerability in the WordPress plugin WP Gravity Forms Keap/Infusionsoft (gf-infusionsoft) affecting versions from n/a up to and including 1.2.3. The root cause is object injection via unsafe deserialization. According to the public records, t...

CVE-2025-53239

The CVE affects the WordPress plugin User Registration Aide by bnovotny (versions

CVE-2025-52773 WordPress HieCOR Payment Gateway plugin plugin <= 1.5.11 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in hiecor HieCOR Payment Gateway Plugin hcv4-payment-gateway allows SQL Injection.This issue affects HieCOR Payment Gateway Plugin: from n/a through = 1.5.11...

CVE-2025-28953 WordPress smart SEO plugin <= 4.0 - SQL Injection Vulnerability

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in axiomthemes smart SEO smartSEO allows SQL Injection.This issue affects smart SEO: from n/a through = 4.0...

WordPress plugin KiotViet Sync 代码问题漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin ... A code issue...

WordPress plugin Nari Accountant 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin.... A cross-site...

PT-2025-44704

Name of the Vulnerable Software and Affected Versions The Flying Images: Optimize and Lazy Load Images for Faster Page Speed plugin for WordPress versions prior to 2.4.15 Description The plugin is susceptible to Stored Cross-Site Scripting through admin settings due to inadequate input sanitizati...

CVE-2025-64366 WordPress MasterStudy LMS plugin <= 3.6.27 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Stylemix MasterStudy LMS masterstudy-lms-learning-management-system allows Blind SQL Injection.This issue affects MasterStudy LMS: from n/a through = 3.6.27...

CVE-2025-64361 WordPress Consulting Elementor Widgets plugin <= 1.4.2 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in StylemixThemes Consulting Elementor Widgets consulting-elementor-widgets allows DOM-Based XSS.This issue affects Consulting Elementor Widgets: from n/a through = 1.4.2...

CVE-2025-11881 AppPresser – Mobile App Framework <= 4.5.0 - Missing Authorization to Unauthenticated Limited Sensitive Information Exposure

The AppPresser – Mobile App Framework plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'myapppverify' function in all versions up to, and including, 4.5.0. This makes it possible for unauthenticated attackers to extract sensitive data...

CVE-2025-11627 Site Checkup AI Troubleshooting with Wizard and Tips for Each Issue <= 1.47 - Unauthenticated Log File Poisoning

The Site Checkup Debug AI Troubleshooting with Wizard and Tips for Each Issue plugin for WordPress is vulnerable to log file poisoning in all versions up to, and including, 1.47. This makes it possible for unauthenticated attackers to insert arbitrary content into log files, and potentially cause...

GHSA-W5R3-GR8W-7FJ5 Jenkins Eggplant Runner Plugin protection mechanism disabled

Jenkins Eggplant Runner Plugin 0.0.1.301.v963cffe8ddb8 and earlier sets the Java system property jdk.http.auth.tunneling.disabledSchemes to an empty value as part of applying a proxy configuration. This disables a protection mechanism of the Java runtime addressing CVE-2016-5597. As of publicatio...

WordPress plugin Thumbnail Slider With Lightbox SQL注入漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin.... A SQL injection...

PT-2025-44299

Name of the Vulnerable Software and Affected Versions Jenkins Publish to Bitbucket Plugin versions 0.4 and earlier Description A flaw exists where a missing permission check allows attackers possessing Overall/Read permission to establish a connection to a URL specified by the attacker, utilizing...

PT-2025-44274

Name of the Vulnerable Software and Affected Versions The Call Now Button – The 1 Click to Call Button for WordPress plugin versions prior to 1.5.4 Description The plugin is susceptible to unauthorized data modification because of a missing capability check within the activate function. This allo...

CVE-2025-62986 WordPress FanBridge signup plugin <= 0.6 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery CSRF vulnerability in FanBridge FanBridge signup fanbridge-signup allows Stored XSS.This issue affects FanBridge signup: from n/a through = 0.6...

CVE-2025-62983 WordPress Posts By Tag plugin <= 3.2.1 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Sudar Muthu Posts By Tag posts-by-tag allows Stored XSS.This issue affects Posts By Tag: from n/a through = 3.2.1...