CVE-2025-59585

CVE-2025-59585 affects the WordPress plugin Penci Recipe. The connected document confirms a DOM-based XSS due to improper input neutralization during web page generation, affecting Penci Recipe versions from n/a through 4.0. The CVSS metrics indicate a network-accessible, low-privilege, low-impac...

CVE-2025-53455 WordPress CashBill.pl – Płatności WooCommerce Plugin <= 3.2.1 - Cross Site Scripting (XSS) Vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in CashBill CashBill.pl – Płatności WooCommerce cashbill-payment-method allows Stored XSS.This issue affects CashBill.pl – Płatności WooCommerce: from n/a through = 3.2.1...

CVE-2025-57898 WordPress WP Frontend Admin plugin <= 1.22.7 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Jose Vega WP Frontend Admin display-admin-page-on-frontend allows Stored XSS.This issue affects WP Frontend Admin: from n/a through = 1.22.7...

CVE-2025-57910 WordPress AnyClip Luminous Studio Plugin <= 1.3.3 - Cross Site Scripting (XSS) Vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in AnyClip Video Platform AnyClip Luminous Studio allows Stored XSS. This issue affects AnyClip Luminous Studio: from n/a through 1.3.3...

CVE-2025-57914 WordPress Deliver via Shipos for WooCommerce plugin <= 3.0.2 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery CSRF vulnerability in Matat Technologies Deliver via Shipos for WooCommerce wc-shipos-delivery allows Cross Site Request Forgery.This issue affects Deliver via Shipos for WooCommerce: from n/a through = 3.0.2...

CVE-2025-57922 WordPress Envíos Coordinadora Woocommerce Plugin <= 1.1.31 - Sensitive Data Exposure Vulnerability

Insertion of Sensitive Information Into Sent Data vulnerability in Coordinadora Mercantil S.A. Envíos Coordinadora Woocommerce allows Retrieve Embedded Sensitive Data. This issue affects Envíos Coordinadora Woocommerce: from n/a through 1.1.31...

CVE-2025-57922

CVE-2025-57922 concerns Envíos Coordinadora Woocommerce (Coordinadora) before version 1.1.31: Insertion of Sensitive Information Into Sent Data vulnerability that can lead to leakage of embedded sensitive data when data is transmitted. Affected product: Envíos Coordinadora Woocommerce (WordPress ...

CVE-2025-57935 WordPress Bot Block – Stop Spam Referrals in Google Analytics Plugin <= 2.6 - Cross Site Scripting (XSS) Vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Ricky Dawn Bot Block Stop Spam Referrals in Google Analytics allows Stored XSS. This issue affects Bot Block Stop Spam Referrals in Google Analytics: from n/a through 2.6...

CVE-2025-57943

CVE-2025-57943 describes a Server-Side Request Forgery (SSRF) in the WordPress plugin Skimlinks Affiliate Marketing Tool (skimlinks). The issue affects the plugin as installed in versions from n/a through

CVE-2025-57952 WordPress Maps for WP Plugin <= 1.2.5 - Cross Site Scripting (XSS) Vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in icopydoc Maps for WP allows Stored XSS. This issue affects Maps for WP: from n/a through 1.2.5...

CVE-2025-57960

CVE-2025-57960 describes a Cross-Site Request Forgery (CSRF) vulnerability in the Travel Map WordPress plugin. The issue affects the Travel Map plugin version range from not specified to 1.0.3 (i.e., vulnerable in Travel Map: from n/a through 1.0.3). The initial data provides a CVSS 3.1 base scor...

CVE-2025-57961 WordPress CoDesigner plugin <= 4.29 - Broken Access Control vulnerability

Missing Authorization vulnerability in Codexpert, Inc CoDesigner woolementor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects CoDesigner: from n/a through = 4.29...

CVE-2025-57963 WordPress Zoho Billing Plugin <= 4.1 - Cross Site Scripting (XSS) Vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Zoho Subscriptions Zoho Billing zoho-subscriptions allows DOM-Based XSS.This issue affects Zoho Billing: from n/a through = 4.1...

CVE-2025-57980 WordPress Safety Exit Plugin <= 1.8.0 - Cross Site Scripting (XSS) Vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Tomas Cordero Safety Exit allows Stored XSS. This issue affects Safety Exit: from n/a through 1.8.0...

CVE-2025-57980 WordPress Safety Exit Plugin <= 1.8.0 - Cross Site Scripting (XSS) Vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Tomas Cordero Safety Exit safety-exit allows Stored XSS.This issue affects Safety Exit: from n/a through = 1.8.0...

CVE-2025-57992 WordPress Mail Baby SMTP Plugin <= 2.8 - Cross Site Request Forgery (CSRF) Vulnerability

Cross-Site Request Forgery CSRF vulnerability in InterServer Mail Baby SMTP allows Cross Site Request Forgery. This issue affects Mail Baby SMTP: from n/a through 2.8...

CVE-2025-57994 WordPress Upcoming Events Lists Plugin <= 1.4.0 - Insecure Direct Object References (IDOR) Vulnerability

Authorization Bypass Through User-Controlled Key vulnerability in Sayful Islam Upcoming Events Lists upcoming-events-lists allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Upcoming Events Lists: from n/a through = 1.4.0...

CVE-2025-57997 WordPress Trustpilot Reviews Plugin <= 2.5.925 - Broken Access Control Vulnerability

Missing Authorization vulnerability in Trustpilot Trustpilot Reviews trustpilot-reviews allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Trustpilot Reviews: from n/a through = 2.5.925...

CVE-2025-58020

CVE-2025-58020 – The Theater for WordPress plugin is affected by a Stored XSS vulnerability due to improper input neutralization during web page generation. Affected range is Theater for WordPress from n/a through 0.18.8. The available connected documents confirm the issue and indicate it remains...

CVE-2025-58199 WordPress Fastly plugin <= 1.2.28 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery CSRF vulnerability in Fastly Fastly fastly allows Cross Site Request Forgery.This issue affects Fastly: from n/a through = 1.2.28...