CVE-2025-58863 WordPress Zoomify embed for WP Plugin <= 1.5.2 - Cross Site Scripting (XSS) Vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in SdeWijs Zoomify embed for WP zoom-image-shortcode allows Stored XSS.This issue affects Zoomify embed for WP: from n/a through = 1.5.2...

CVE-2025-58862

CVE-2025-58862 affects WordPress WordPress Events Calendar Plugin – connectDaily (versions

CVE-2025-58851

CVE-2025-58851 concerns the WordPress plugin Boxed Content (Boxed Content,

CVE-2025-58848 WordPress WP likes Plugin <= 3.1.1 - Cross Site Request Forgery (CSRF) Vulnerability

Cross-Site Request Forgery CSRF vulnerability in aakash1911 WP likes wp-likes allows Reflected XSS.This issue affects WP likes: from n/a through = 3.1.1...

CVE-2025-58839 WordPress eDS Responsive Menu Plugin <= 1.2 - PHP Object Injection Vulnerability

Deserialization of Untrusted Data vulnerability in aThemeArt Translations eDS Responsive Menu eds-responsive-menu allows Object Injection.This issue affects eDS Responsive Menu: from n/a through = 1.2...

CVE-2025-58820 WordPress Carousel Ultimate Plugin <= 1.8 - Cross Site Scripting (XSS) Vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Themepoints Carousel Ultimate carousel allows Stored XSS.This issue affects Carousel Ultimate: from n/a through = 1.8...

CVE-2025-58805 WordPress Widgetize Pages Light Plugin <= 3.0 - Cross Site Scripting (XSS) Vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in OTWthemes Widgetize Pages Light widgetize-pages-light allows Stored XSS.This issue affects Widgetize Pages Light: from n/a through = 3.0...

CVE-2025-58787

CVE-2025-58787 involves the WordPress plugin Themify Popup. The vulnerability is a stored XSS caused by improper neutralization of input during web page generation, affecting Themify Popup versions up to and including 1.4.4. Exploitation would occur when user-supplied input is stored and later re...

WordPress plugin Easy Download Media Counter Cross Site Scripting Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting vulnerabilit...

WordPress plugin Notification for Telegram 跨站请求伪造漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. A cross-site request forge...

WordPress plugin Simple Price Calculator 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

CVE-2025-58618

CVE-2025-58618 affects the WordPress Pie Calendar plugin up to version 1.2.8. The vulnerability is a DOM-based XSS due to improper input neutralization during web page generation. Impact is described as a cross-site scripting risk within Pie Calendar’s calendar rendering, potentially enabling inj...

PT-2025-35780

Name of the Vulnerable Software and Affected Versions: Jenkins Git client Plugin versions 6.3.2 and earlier Description: The Git URL field form validation responses differ based on whether the specified file path exists on the Jenkins controller when using the amazon-s3 protocol with JGit. This...

WordPress OSM Map Widget for Elementor plugin <= 1.3.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Button URL vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Button URL vulnerability discovered by zer0gh0st in WordPress Plugin OSM Map Widget for Elementor versions = 1.3.0...

CVE-2025-48361 WordPress Hesabfa Accounting plugin <= 2.2.5 - Sensitive Data Exposure via Log File vulnerability

Insertion of Sensitive Information Into Sent Data vulnerability in Saeed Sattar Beglou Hesabfa Accounting hesabfa-accounting allows Retrieve Embedded Sensitive Data.This issue affects Hesabfa Accounting: from n/a through = 2.2.5...

CVE-2025-48352 WordPress Yandex Site search pinger plugin <= 1.5 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in sitesearch-yandex Yandex Site search pinger yandex-pinger allows Stored XSS.This issue affects Yandex Site search pinger: from n/a through = 1.5...

CVE-2025-48347 WordPress bxSlider integration for WordPress plugin <= 1.7.2 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Vincent Mimoun-Prat bxSlider integration for WordPress bxslider-integration allows Stored XSS.This issue affects bxSlider integration for WordPress: from n/a through = 1.7.2...

WordPress plugin YouTube Showcase 代码注入漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A code injection...

WordPress plugin Houzez CRM 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

CVE-2025-58213 WordPress Booking System Trafft Plugin <= 1.0.14 - Cross Site Scripting (XSS) Vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in ameliabooking Booking System Trafft booking-system-trafft allows Stored XSS.This issue affects Booking System Trafft: from n/a through = 1.0.14...