CVE-2025-62953

CVE-2025-62953 describes a missing authorization flaw in the WordPress plugin Welcart e-Commerce (usc-e-shop), affecting versions up to 2.11.24. The issue is a broken/incorrectly configured access control that allows an unauthorized actor to bypass security levels. Public sources in the connected...

CVE-2025-62916

CVE-2025-62916 is a Missing Authorization/Broken Access Control vulnerability affecting the WordPress plugin Flights & Hotels Booking WP Plugin (adiaha-hotel)

CVE-2025-62903 WordPress WPC Smart Messages for WooCommerce plugin <= 4.2.8 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in WPClever WPC Smart Messages for WooCommerce wpc-smart-messages allows Stored XSS.This issue affects WPC Smart Messages for WooCommerce: from n/a through = 4.2.8...

CVE-2025-62902

CVE-2025-62902 describes a vulnerability in the WordPress plugin WP Popup Builder (wp-popup-builder) where sensitive system information can be exposed to an unauthorized control sphere, enabling retrieval of embedded sensitive data. Affected pages indicate the issue affects WP Popup Builder versi...

WordPress plugin Welcart e-Commerce 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform has the ability to set up personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security...

WordPress plugin Smart WeTransfer 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security vulnerabili...

WordPress plugin Originality.ai AI Checker 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security vulnerabili...

WordPress plugin VNPAY Payment gateway 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A cross-site scripting...

PT-2025-43583

Name of the Vulnerable Software and Affected Versions Jeg Kit for Elementor WordPress plugin versions prior to 2.7.0 Description The Jeg Kit for Elementor WordPress plugin does not properly sanitize SVG file contents when uploaded through the xmlrpc.php file, which can result in a cross-site...

WordPress Bold Page Builder plugin <= 5.4.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via `percentage` Parameter vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via percentage Parameter vulnerability discovered by Peter Thaleikis in WordPress Plugin Bold Page Builder versions = 5.4.5...

CVE-2025-53420

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in VibeThemes WPLMS wplmsplugin allows Reflected XSS.This issue affects WPLMS: from n/a through = 1.9.9.8...

CVE-2025-62062 WordPress Easy Post Submission plugin <= 1.7.0 - Sensitive Data Exposure vulnerability

Insertion of Sensitive Information Into Sent Data vulnerability in ThemeRuby Easy Post Submission easy-post-submission allows Retrieve Embedded Sensitive Data.This issue affects Easy Post Submission: from n/a through = 1.7.0...

CVE-2025-60221 WordPress Captivate Sync Plugin <= 3.0.3 - PHP Object Injection Vulnerability

Deserialization of Untrusted Data vulnerability in captivateaudio Captivate Sync captivatesync-trade allows Object Injection.This issue affects Captivate Sync: from n/a through = 3.0.3...

CVE-2025-60211 WordPress WooCommerce Registration Fields Plugin - Custom Signup Fields plugin <= 3.2.3 - Privilege Escalation vulnerability

Incorrect Privilege Assignment vulnerability in extendons WooCommerce Registration Fields Plugin - Custom Signup Fields extendons-registration-fields allows Privilege Escalation.This issue affects WooCommerce Registration Fields Plugin - Custom Signup Fields: from n/a through = 3.2.3...

CVE-2025-60132 WordPress Video Blogster Lite Plugin <= 1.2 - Cross Site Request Forgery (CSRF) Vulnerability

Cross-Site Request Forgery CSRF vulnerability in johnh10 Video Blogster Lite video-blogster-lite allows Stored XSS.This issue affects Video Blogster Lite: from n/a through = 1.2...

CVE-2025-59007

CVE-2025-59007 describes a Deserialization of Untrusted Data vulnerability in the WordPress plugin TF Woo Product Grid Addon For Elementor (tf-woo-product-grid) up to version 1.0.1. The issue enables Object Injection due to unsafe deserialization of data, with the public records indicating a high...

CVE-2025-58916 WordPress Author: Munzir plugin <= 0.9 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Munzir Author: Munzir myshouts-shoutbox allows Reflected XSS.This issue affects Author: Munzir: from n/a through = 0.9...

CVE-2025-53351

CVE-2025-53351 corresponds to a WordPress Fidelo Snippet plugin vulnerability (versions through 1.12) where improper input neutralization during web page generation enables reflected XSS. Affected component: Fidelo Snippet (WordPress plugin). Root cause: inadequate input sanitization in the page ...

CVE-2025-53218 WordPress AppExperts plugin <= 1.4.5 - Sensitive Data Exposure vulnerability

Insertion of Sensitive Information Into Sent Data vulnerability in Saad Iqbal AppExperts appexperts allows Retrieve Embedded Sensitive Data.This issue affects AppExperts: from n/a through = 1.4.5...

CVE-2025-52737 WordPress WP Store Locator plugin <= 2.2.260 - PHP Object Injection vulnerability

Deserialization of Untrusted Data vulnerability in Tijmen Smit WP Store Locator wp-store-locator allows Object Injection.This issue affects WP Store Locator: from n/a through = 2.2.260...