WordPress plugin ContentBot AI Writer 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripti...

WordPress Rich Text Editor plugin <= 1.0.1 - CSRF to Stored XSS vulnerability

CSRF to Stored XSS vulnerability discovered by SOPROBRO in WordPress Plugin Rich Text Editor versions = 1.0.1...

WordPress Appointy Appointment Scheduler plugin <= 4.2.1 - CSRF to Settings Change vulnerability

CSRF to Settings Change vulnerability discovered by Dhabaleshwar Das in WordPress Plugin Appointy Appointment Scheduler versions = 4.2.1...

CVE-2025-31623 WordPress Rich Text Editor plugin <= 1.0.1 - CSRF to Stored XSS vulnerability

Cross-Site Request Forgery CSRF vulnerability in richtexteditor Rich Text Editor richtexteditor allows Stored XSS.This issue affects Rich Text Editor: from n/a through = 1.0.1...

CVE-2025-31616 WordPress Varnish WordPress plugin <= 1.7 - CSRF to Stored XSS vulnerability

Cross-Site Request Forgery CSRF vulnerability in AdminGeekZ Varnish WordPress allows Cross Site Request Forgery. This issue affects Varnish WordPress: from n/a through 1.7...

CVE-2025-31585 WordPress Leadfox for WordPress plugin <= 2.1.9 - CSRF to Stored XSS vulnerability

Cross-Site Request Forgery CSRF vulnerability in leadfox Leadfox for WordPress leadfox allows Cross Site Request Forgery.This issue affects Leadfox for WordPress: from n/a through = 2.1.9...

WordPress plugin ContentMX Content Publisher 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

WordPress Browser Caching with .htaccess 1.2.1 plugin - Cross Site Request Forgery (CSRF) Vulnerability

Cross Site Request Forgery CSRF Vulnerability discovered by Nguyen Xuan Chien in WordPress Plugin Browser Caching with .htaccess versions 1.2.1...

CVE-2025-31440 WordPress Terms of Use plugin <= 2.0 - Cross Site Request Forgery (CSRF) to Stored XSS vulnerability

Cross-Site Request Forgery CSRF vulnerability in Strategy11 Team Terms of Use terms-of-use-2 allows Stored XSS.This issue affects Terms of Use: from n/a through = 2.0...

CVE-2025-31459 WordPress Login Alert plugin <= 0.2.1 - CSRF to Stored XSS vulnerability

Cross-Site Request Forgery CSRF vulnerability in PasqualePuzio Login Alert allows Stored XSS. This issue affects Login Alert: from n/a through 0.2.1...

CVE-2025-31077

CVE-2025-31077 is a stored XSS in Ultimate Blocks (WordPress Blocks Plugin) affecting versions up to 3.2.7. The Wordfence vulnerability listing notes authenticated access (Contributor+) as the prerequisite and that a patch exists; upgrade to version 3.2.7+ to remediate.

CVE-2025-31077 WordPress Ultimate Blocks plugin <= 3.2.7 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Ultimate Blocks Ultimate Blocks allows DOM-Based XSS. This issue affects Ultimate Blocks: from n/a through 3.2.7...

WordPress Flexible Cookies plugin <= 1.1.8 - Cross Site Request Forgery (CSRF) vulnerability

Cross Site Request Forgery CSRF vulnerability discovered by Nguyen Thi Huyen Trang - Skalucy in WordPress Plugin Flexible Cookies versions = 1.1.8...

CVE-2025-30887 WordPress WpEvently Plugin <= 4.2.9 - Broken Access Control vulnerability

Missing Authorization vulnerability in magepeopleteam WpEvently mage-eventpress allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WpEvently: from n/a through = 4.2.9...

CVE-2025-30862 WordPress reCAPTCHA for all plugin <= 2.22 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery CSRF vulnerability in sminozzi reCAPTCHA for all recaptcha-for-all allows Cross Site Request Forgery.This issue affects reCAPTCHA for all: from n/a through = 2.22...

CVE-2025-30801 WordPress TWB Woocommerce Reviews plugin <= 1.7.7 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery CSRF vulnerability in Abu Bakar TWB Woocommerce Reviews twb-woocommerce-reviews allows Cross Site Request Forgery.This issue affects TWB Woocommerce Reviews: from n/a through = 1.7.7...

CVE-2025-30800 WordPress Gum Elementor Addon plugin <= 1.3.10 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Atawai Gum Elementor Addon gum-elementor-addon allows Stored XSS.This issue affects Gum Elementor Addon: from n/a through = 1.3.10...

WordPress WP Google Review Slider plugin <= 16.0 - CSRF to SQL Injection vulnerability

CSRF to SQL Injection vulnerability discovered by astra.r3verii in WordPress Plugin WP Google Review Slider versions = 16.0...

WordPress plugin MC Woocommerce Wishlist SQL注入漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A SQL injection...

WordPress plugin Store Locator Widget 跨站请求伪造漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site request forgery...