CVE-2025-58220 WordPress Card Elements for WPBakery Plugin <= 1.0.8 - Cross Site Scripting (XSS) Vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Techeshta Card Elements for WPBakery card-elements-for-wpbakery allows DOM-Based XSS.This issue affects Card Elements for WPBakery: from n/a through = 1.0.8...

CVE-2025-58219

CVE-2025-58219: CSRF in WordPress plugin Show Pages List (LIJE Show Pages List) affecting

CVE-2025-58229 WordPress Sitekit Plugin <= 2.0 - Cross Site Scripting (XSS) Vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in webvitaly Sitekit sitekit allows Stored XSS.This issue affects Sitekit: from n/a through = 2.0...

CVE-2025-58232 WordPress Image Editor by Pixo Plugin <= 2.3.8 - Cross Site Scripting (XSS) Vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Ickata Image Editor by Pixo image-editor-by-pixo allows DOM-Based XSS.This issue affects Image Editor by Pixo: from n/a through = 2.3.8...

CVE-2025-58240 WordPress xili-tidy-tags Plugin <= 1.12.06 - Cross Site Scripting (XSS) Vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Michel - xiligroup dev xili-tidy-tags xili-tidy-tags allows Stored XSS.This issue affects xili-tidy-tags: from n/a through = 1.12.06...

CVE-2025-58242 WordPress Bg Church Memos Plugin <= 1.1 - Cross Site Scripting (XSS) Vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Vadim Bogaiskov Bg Church Memos bg-church-memos allows DOM-Based XSS.This issue affects Bg Church Memos: from n/a through = 1.1...

CVE-2025-58655 WordPress Category Featured Images Plugin <= 1.1.8 - Cross Site Scripting (XSS) Vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Mat Category Featured Images category-featured-images allows Stored XSS.This issue affects Category Featured Images: from n/a through = 1.1.8...

CVE-2025-58669 WordPress Magento 2 WordPress Integration plugin <= 1.4.2.1 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Modern Minds Magento 2 WordPress Integration m2wp allows Stored XSS.This issue affects Magento 2 WordPress Integration: from n/a through = 1.4.2.1...

WordPress plugin Buckets 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A cross-site scripting...

WordPress plugin Theater for WordPress 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A cross-site...

WordPress plugin davaxi Goracash 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A cross-site scripting...

WordPress plugin SALESmanago 跨站请求伪造漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin.... A cross-sit...

WordPress plugin Oshine Core 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security...

WordPress plugin WP Hotel Booking 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security...

CVE-2025-10049

The Responsive Filterable Portfolio plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation via the HdnMediaSelectionimage field in all versions up to, and including, 1.0.24. This makes it possible for authenticated attackers, with Administrator-level acce...

CVE-2025-8398

CVE-2025-8398 concerns the azurecurve BBCode WordPress plugin. The vulnerability is a Stored Cross-Site Scripting (XSS) via the plugin’s url shortcode in all versions up to and including 2.0.4. It affects authenticated users with contributor-level access and above, enabling injection of scripts t...

WordPress plugin Analytics Reduce Bounce Rate 跨站请求伪造漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site request forgery vulnerability...

CVE-2025-39523 WordPress GoodBarber plugin <= 1.0.26 - Open Redirection Vulnerability

URL Redirection to Untrusted Site 'Open Redirect' vulnerability in GoodBarber GoodBarber goodbarber.This issue affects GoodBarber: from n/a through = 1.0.26...

WordPress Admin Menu Editor plugin <= 1.14 - Authenticated (Contributor+) Stored Cross-Site Scripting via placeholder Parameter vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via placeholder Parameter vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin Admin Menu Editor versions = 1.14...

CVE-2025-58875 WordPress WP Github Gist Plugin <= 0.5 - Cross Site Scripting (XSS) Vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Sudar Muthu WP Github Gist wp-github-gist allows Stored XSS.This issue affects WP Github Gist: from n/a through = 0.5...