WordPress plugin BP Email Assign Templates 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...

WordPress WP-Recall plugin <= 16.26.10 - Unauthenticated SQL Injection vulnerability

Unauthenticated SQL Injection vulnerability discovered by Krzysztof Zając in WordPress Plugin WP-Recall versions = 16.26.10...

CVE-2024-13827

The Razorpay Subscription Button Elementor Plugin plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of addqueryarg and removequeryarg functions without appropriate escaping on the URL in all versions up to, and including, 1.0.3. This makes it possible for...

CVE-2024-13431 Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin <= 1.6.8.3 - Reflected Cross-Site Scripting

The Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the accentcolor and background parameter in all versions up to, and including, 1.6.8.3 due to insufficient input sanitization and output escaping...

WordPress Ninja Pages plugin <= 1.4.2 - Authenticated (Admin+) Stored Cross-Site Scripting vulnerability

Authenticated Admin+ Stored Cross-Site Scripting vulnerability discovered by Manas Talekar in WordPress Plugin Ninja Pages versions = 1.4.2...

CVE-2025-25087 WordPress seekXL Snapr plugin <= 2.0.6 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Tim seekXL Snapr seekxl-snapr allows Reflected XSS.This issue affects seekXL Snapr: from n/a through = 2.0.6...

CVE-2025-23570 WordPress WP Social Links plugin <= 0.3.1 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Mitchell Bundy WP Social Links wp-social-links allows Reflected XSS.This issue affects WP Social Links: from n/a through = 0.3.1...

CVE-2025-23563 WordPress Explore pages plugin <= 1.01 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in mbyte Explore pages explore-pages allows Reflected XSS.This issue affects Explore pages: from n/a through = 1.01...

WordPress plugin Doctor Appointment Booking 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability exist...

CVE-2024-13901

CVE-2024-13901 concerns the WordPress plugin “Counter Box: Add Engaging Countdowns, Timers & Counters to Your WordPress Site”. Affected: Counter Box up to version 2.0.6. Impact: DOM-based Stored Cross-Site Scripting via the content parameter, enabling an attacker with administrator-level privileg...

WordPress GenerateBlocks plugin <= 1.9.1 - Authenticated (Contributor+) Sensitive Information Exposure via 'get_image_description' vulnerability

Authenticated Contributor+ Sensitive Information Exposure via 'getimagedescription' vulnerability discovered by Nishiv in WordPress Plugin GenerateBlocks versions = 1.9.1...

CVE-2025-1717

The Login Me Now plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 1.7.2. This is due to insecure authentication based on an arbitrary transient name in the 'AutoLogin::listen' function. This makes it possible for unauthenticated attackers to log in an...

CVE-2025-26939 WordPress Counters Block plugin <= 1.1.2 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in bPlugins Counters Block counters-block allows Stored XSS.This issue affects Counters Block: from n/a through = 1.1.2...

CVE-2025-22635 WordPress Eventer - WordPress Event & Booking Manager Plugin plugin < 3.9.9 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in imithemes Eventer eventer allows Reflected XSS.This issue affects Eventer: from n/a through 3.9.9...

CVE-2025-22632 WordPress WooCommerce Pricing – Product Pricing plugin <= 1.0.9 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in totalsoft WooCommerce Pricing – Product Pricing woo-pricing-table allows Stored XSS.This issue affects WooCommerce Pricing – Product Pricing: from n/a through = 1.0.9...

WordPress Photo Gallery – Image Gallery Plugin <= 2.0.4 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting XSS vulnerability discovered by Nguyen Xuan Chien in WordPress Plugin WordPress Photo Gallery – Image Gallery versions = 2.0.4...

WordPress Restrict Taxonomies Plugin <= 1.3.3 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting XSS vulnerability discovered by 0xd4rk5id3 in WordPress Plugin Restrict Taxonomies versions = 1.3.3...

WordPress plugin Coaching Staffs 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...

WordPress plugin User Private Files 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists in...

WordPress plugin Rapid Cache 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...