
1726 matches found

Cvelist
added 2025/01/31 8:24 a.m. | 17 views

CVE-2025-24609 WordPress PORTONE 우커머스 결제 Plugin <= 3.2.4 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in PORTONE PORTONE 우커머스 결제 iamport-for-woocommerce allows Reflected XSS. This issue affects PORTONE 우커머스 결제: from n/a through <= 3.2.4...

CVSS: 7.1 | EPSS: 0.00211
Exploits: 0 | References: 1

CVE
added 2025/01/31 8:24 a.m. | 49 views

CVE-2025-23759

CVE-2025-23759 is a reflected XSS vulnerability in the WordPress plugin Affiliate Tools Việt Nam (Leduchuy89VN) affecting versions up to 0.3.17. The issue stems from improper neutralization of input during web page generation. CVSS 3.1 base score 7.1 (HIGH) with network access, no privileges, and...

CVSS: 7.1 | AI score: 7.2 | EPSS: 0.00236
Exploits: 0 | References: 1

Cvelist
added 2025/01/31 8:23 a.m. | 21 views

CVE-2025-23976 WordPress Issuu Panel plugin <= 2.1.1 - CSRF to Stored Cross Site Scripting (XSS) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in operationsissuu Issuu Panel issuu-panel allows Stored XSS. This issue affects Issuu Panel: from n/a through <= 2.1.1...

CVSS: 7.1 | EPSS: 0.00123
Exploits: 0 | References: 1

CNNVD
added 2025/01/31 12:0 a.m. | 1 views

WordPress plugin SKT Donation cross-site scripting vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting vulnerability...

CVSS: 7.1 | AI score: 6.2 | EPSS: 0.00231
Exploits: 0 | References: 1

CNNVD
added 2025/01/31 12:0 a.m. | 6 views

WordPress plugin User Messages security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A security vulnerability exists in the...

CVSS: 6.1 | AI score: 7.8 | EPSS: 0.00561
Exploits: 1 | References: 1

Patchstack
added 2025/01/30 5:28 p.m. | 2 views

WordPress Single-user-chat plugin <= 0.5 - Authenticated (Subscriber+) Limited Options Update vulnerability

Authenticated (Subscriber+) Limited Options Update vulnerability discovered by Colin Xu in WordPress Plugin Single-user-chat versions <= 0.5...

CVSS: 8.1 | AI score: 7 | EPSS: 0.00345
Exploits: 0 | References: 1 | Affected Software: 1

OSV
added 2025/01/30 6:15 a.m. | 1 views

CVE-2024-12709

The Bulk Me Now! WordPress plugin through 2.0 does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks...

CVSS: 4.3 | AI score: 7.3 | EPSS: 0.00157
Exploits: 1 | References: 1

NVD
added 2025/01/27 3:15 p.m. | 5 views

CVE-2025-24671

Deserialization of Untrusted Data vulnerability in Pdfcrowd Dev Team Save as PDF save-as-pdf-by-pdfcrowd allows Object Injection. This issue affects Save as PDF: from n/a through = 4.4.0...

CVSS: 9.8 | EPSS: 0.00486
Exploits: 0 | References: 1

Vulnrichment
added 2025/01/27 2:22 p.m. | 3 views

CVE-2025-24626 WordPress Music Store – WordPress eCommerce Plugin <= 1.1.19 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in codepeople Music Store music-store allows Reflected XSS. This issue affects Music Store: from n/a through <= 1.1.19...

CVSS: 7.1 | AI score: 7.2 | EPSS: 0.00236
Exploits: 0 | References: 1

Cvelist
added 2025/01/27 2:22 p.m. | 13 views

CVE-2025-24537 WordPress The Events Calendar plugin <= 6.7.0 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in StellarWP The Events Calendar the-events-calendar allows Cross Site Request Forgery. This issue affects The Events Calendar: from n/a through <= 6.7.0...

CVSS: 5.4 | EPSS: 0.00145
Exploits: 0 | References: 1

CNNVD
added 2025/01/27 12:0 a.m. | 1 views

WordPress plugin Morkva UA Shipping security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...

CVSS: 8.1 | AI score: 8.7 | EPSS: 0.00612
Exploits: 0 | References: 1

Positive Technologies
added 2025/01/27 12:0 a.m. | 3 views

PT-2025-1988 · WordPress · Dyn Business Panel

Name of the Vulnerable Software and Affected Versions: Dyn Business Panel WordPress plugin version 1.0.0
Description: The issue arises from the plugin not sanitizing and escaping a parameter before outputting it back in the page. This leads to a Reflected Cross-Site Scripting that could be used...

CVSS: 7.1 | AI score: 6.3 | EPSS: 0.00303
Exploits: 1 | References: 5

OSV
added 2025/01/25 12:15 p.m. | 2 views

CVE-2024-13562

The Import WP – Export and Import CSV and XML files to WordPress plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.14.5 via the uploads directory. This makes it possible for unauthenticated attackers to extract sensitive data stored...

CVSS: 7.5 | AI score: 5.8 | EPSS: 0.00408
Exploits: 0 | References: 2

CNNVD
added 2025/01/25 12:0 a.m. | 2 views

WordPress plugin Connections Business Directory path traversal vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A path traversal...

CVSS: 6.5 | AI score: 8.5 | EPSS: 0.00527
Exploits: 0 | References: 3

Vulnrichment
added 2025/01/24 5:25 p.m. | 4 views

CVE-2025-24746 WordPress Popup Maker plugin <= 1.20.2 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Daniel Iser Popup Maker popup-maker allows Stored XSS. This issue affects Popup Maker: from n/a through <= 1.20.2...

CVSS: 6.5 | AI score: 5.2 | EPSS: 0.00284
Exploits: 0 | References: 1

CVE
added 2025/01/24 5:25 p.m. | 49 views

CVE-2025-24712

CVE-2025-24712: Radius Blocks (WordPress Gutenberg Blocks) is affected in versions up to and including 2.1.2. A Cross-Site Request Forgery (CSRF) vulnerability could allow unauthorized actions on a user’s account. The provided data confirms the CSRF root cause and affected rang...

CVSS: 5.4 | AI score: 7.2 | EPSS: 0.00191
Exploits: 0 | References: 1

Cvelist
added 2025/01/24 5:24 p.m. | 26 views

CVE-2025-24659 WordPress Premium Packages – Sell Digital Products Securely plugin <= 5.9.6 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Shahjada WPDM – Premium Packages wpdm-premium-packages allows Blind SQL Injection. This issue affects WPDM – Premium Packages: from n/a through <= 5.9.6...

CVSS: 7.6 | EPSS: 0.00892
Exploits: 1 | References: 1

CVE
added 2025/01/24 5:24 p.m. | 42 views

CVE-2025-24634

CVE-2025-24634 affects the Orbisius Simple Notice WordPress plugin (versions ≤ 1.1.3). It is a Stored XSS due to improper input neutralization during web page generation. CVSS 3.1 base score 5.9 (AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L). Connected sources indicate patching in version 1.1.3 (patched),...

CVSS: 5.9 | AI score: 7.2 | EPSS: 0.00327
Exploits: 0 | References: 1

NVD
added 2025/01/24 11:15 a.m. | 8 views

CVE-2024-13409

The Post Grid, Slider & Carousel Ultimate – with Shortcode, Gutenberg Block & Elementor Widget plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.6.10 via the 'theme' parameter of the posttypeajaxhandler function. This makes it possible for...

CVSS: 8.8 | EPSS: 0.00785
Exploits: 0 | References: 4

Cvelist
added 2025/01/24 10:52 a.m. | 13 views

CVE-2025-23734 WordPress Gigaom Sphinx plugin <= 0.1 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Casey Bisson Gigaom Sphinx go-sphinx allows Reflected XSS. This issue affects Gigaom Sphinx: from n/a through <= 0.1...

CVSS: 7.1 | EPSS: 0.00211
Exploits: 0 | References: 1