Exploit for CVE-2025-28915

CVE-2025-28915 - WordPress ThemeEgg ToolKit Arbitrary File Upl...

WordPress Post Read Time plugin <= 1.2.6 - Stored Cross Site Scripting (XSS) vulnerability

Stored Cross Site Scripting XSS vulnerability discovered by Nabil Irawan in WordPress Plugin Post Read Time versions = 1.2.6...

WordPress Builder for Contact Form 7 by Webconstruct plugin <= 1.2.2 - Cross Site Request Forgery (CSRF) vulnerability

Cross Site Request Forgery CSRF vulnerability discovered by Nguyen Xuan Chien in WordPress Plugin Builder for Contact Form 7 by Webconstruct versions = 1.2.2...

WordPress Maintenance Notice plugin <= 1.0.6 - Cross Site Request Forgery (CSRF) vulnerability

Cross Site Request Forgery CSRF vulnerability discovered by Nguyen Thi Huyen Trang - Skalucy in WordPress Plugin Maintenance Notice versions = 1.0.6...

CVE-2025-28868 WordPress ZipList Recipe plugin <= 3.1 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery CSRF vulnerability in ZipList ZipList Recipe ziplist-recipe-plugin allows Cross Site Request Forgery.This issue affects ZipList Recipe: from n/a through = 3.1...

CVE-2025-28914 WordPress wordpress login form to anywhere plugin <= 0.2 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Ajay Sharma wordpress login form to anywhere wp-show-login-form allows Stored XSS.This issue affects wordpress login form to anywhere: from n/a through = 0.2...

CVE-2025-28902 WordPress Contact Form 7 Select Box Editor Button plugin <= 0.6 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery CSRF vulnerability in Benjamin Pick Contact Form 7 Select Box Editor Button contact-form-7-select-box-editor-button allows Cross Site Request Forgery.This issue affects Contact Form 7 Select Box Editor Button: from n/a through = 0.6...

CVE-2025-28895 WordPress Custom top bar plugin <= 2.1 - Cross Site Request Forgery (CSRF) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Suman Biswas Custom top bar custom-top-bar allows Stored XSS.This issue affects Custom top bar: from n/a through = 2.1...

WordPress plugin BP Email Assign Templates 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...

WordPress WP-Recall plugin <= 16.26.10 - Unauthenticated SQL Injection vulnerability

Unauthenticated SQL Injection vulnerability discovered by Krzysztof Zając in WordPress Plugin WP-Recall versions = 16.26.10...

CVE-2024-13827

The Razorpay Subscription Button Elementor Plugin plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of addqueryarg and removequeryarg functions without appropriate escaping on the URL in all versions up to, and including, 1.0.3. This makes it possible for...

CVE-2024-13431 Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin <= 1.6.8.3 - Reflected Cross-Site Scripting

The Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the accentcolor and background parameter in all versions up to, and including, 1.6.8.3 due to insufficient input sanitization and output escaping...

WordPress Ninja Pages plugin <= 1.4.2 - Authenticated (Admin+) Stored Cross-Site Scripting vulnerability

Authenticated Admin+ Stored Cross-Site Scripting vulnerability discovered by Manas Talekar in WordPress Plugin Ninja Pages versions = 1.4.2...

CVE-2025-25087 WordPress seekXL Snapr plugin <= 2.0.6 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Tim seekXL Snapr seekxl-snapr allows Reflected XSS.This issue affects seekXL Snapr: from n/a through = 2.0.6...

CVE-2025-23570 WordPress WP Social Links plugin <= 0.3.1 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Mitchell Bundy WP Social Links wp-social-links allows Reflected XSS.This issue affects WP Social Links: from n/a through = 0.3.1...

CVE-2025-23563 WordPress Explore pages plugin <= 1.01 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in mbyte Explore pages explore-pages allows Reflected XSS.This issue affects Explore pages: from n/a through = 1.01...

WordPress plugin Doctor Appointment Booking 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability exist...

CVE-2024-13901

CVE-2024-13901 concerns the WordPress plugin “Counter Box: Add Engaging Countdowns, Timers & Counters to Your WordPress Site”. Affected: Counter Box up to version 2.0.6. Impact: DOM-based Stored Cross-Site Scripting via the content parameter, enabling an attacker with administrator-level privileg...

WordPress GenerateBlocks plugin <= 1.9.1 - Authenticated (Contributor+) Sensitive Information Exposure via 'get_image_description' vulnerability

Authenticated Contributor+ Sensitive Information Exposure via 'getimagedescription' vulnerability discovered by Nishiv in WordPress Plugin GenerateBlocks versions = 1.9.1...

CVE-2025-1717

The Login Me Now plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 1.7.2. This is due to insecure authentication based on an arbitrary transient name in the 'AutoLogin::listen' function. This makes it possible for unauthenticated attackers to log in an...