1726 matches found

Cvelist
added 2025/01/23 3:29 p.m., 11 views

CVE-2025-23629 WordPress Gallerio plugin <= 1.0.1 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Subhasis Laha Gallerio gallerio allows Reflected XSS. This issue affects Gallerio: from n/a through <= 1.0.1...

CVSS 7.1, EPSS 0.00231
Exploits: 0, References: 1
Vulnrichment
added 2025/01/23 3:29 p.m., 2 views

CVE-2025-23541 WordPress Download, Downloads plugin <= 1.4.2 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in edmon.parker Download, Downloads ydn-download allows Reflected XSS. This issue affects Download, Downloads: from n/a through <= 1.4.2...

CVSS 7.1, AI score 7.2, EPSS 0.00211
Exploits: 0, References: 1
CVE
added 2025/01/23 3:29 p.m., 50 views

CVE-2025-22768

CVE-2025-22768 – CSRF in the Rocket Media Library Mime Type WordPress plugin enables Stored XSS in versions up to 2.1.0. CVSS v3.1 base score 7.1 (HIGH). Exploitation details are not provided in the connected documents; remediation details in the sources indicate a fix beyond 2.1.0, but the exact...

CVSS 7.1, AI score 7.2, EPSS 0.00138
Exploits: 0, References: 1
OSV
added 2025/01/22 6:31 p.m., 14 views

GHSA-QJW6-XVRM-5F2H Bitbucket Server Integration Plugin allows bypassing CSRF protection for any URL

An extension point in Jenkins allows selectively disabling cross-site request forgery (CSRF) protection for specific URLs. Bitbucket Server Integration Plugin implements this extension point to support OAuth 1.0 authentication. In Bitbucket Server Integration Plugin 2.1.0 through 4.1.3 both inclusi...

CVSS 8.8, AI score 8.9, EPSS 0.00273
Exploits: 0, References: 3
Cvelist
added 2025/01/22 2:29 p.m., 13 views

CVE-2025-23874 WordPress WP Block Pack plugin <= 1.1.6 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in FalconTheme Team WP Block Pack wp-block-pack allows Reflected XSS. This issue affects WP Block Pack: from n/a through <= 1.1.6...

CVSS 7.1, EPSS 0.00277
Exploits: 0, References: 1
Cvelist
added 2025/01/22 2:29 p.m., 14 views

CVE-2025-23603 WordPress Group category creator plugin <= 1.3.0.3 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in MohammadJafar Khajeh Group category creator group-category-creator allows Reflected XSS. This issue affects Group category creator: from n/a through <= 1.3.0.3...

CVSS 7.1, EPSS 0.00363
Exploits: 0, References: 1
Cvelist
added 2025/01/22 2:29 p.m., 13 views

CVE-2025-23495 WordPress WooCommerce Order Search plugin <= 1.1.0 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Chetan Khandla WooCommerce Order Search woocommerce-order-searching allows Reflected XSS. This issue affects WooCommerce Order Search: from n/a through <= 1.1.0...

CVSS 7.1, EPSS 0.00366
Exploits: 0, References: 1
Patchstack
added 2025/01/21 10:47 p.m., 3 views

WordPress AI Power: Complete AI Pack plugin <= 1.8.96 - Authenticated (Subscriber+) Server-Side Request Forgery vulnerability

Authenticated (Subscriber+) Server-Side Request Forgery vulnerability discovered by shaman0x01 in WordPress Plugin GPT3 AI Content Writer versions <= 1.8.96...

CVSS 5.4, AI score 7, EPSS 0.00223
Exploits: 0, References: 1, Affected Software: 1
Patchstack
added 2025/01/21 8:32 p.m., 3 views

WordPress WP-Polls plugin <= 2.77.2 - Unauthenticated SQL Injection to Stored Cross-Site Scripting vulnerability

Unauthenticated SQL Injection to Stored Cross-Site Scripting vulnerability discovered by Jack Taylor in WordPress Plugin WP-Polls versions <= 2.77.2...

CVSS 5.4, AI score 7.1, EPSS 0.00442
Exploits: 0, References: 1, Affected Software: 1
Cvelist
added 2025/01/18 3:21 a.m., 10 views

CVE-2024-12071 Evergreen Content Poster – Auto Post and Schedule Your Best Content to Social Media <= 1.4.4 - Missing Authorization to Unauthenticated Arbitrary Post Deletion

The Evergreen Content Poster – Auto Post and Schedule Your Best Content to Social Media plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the deletenetworkpost function in all versions up to, and including, 1.4.4. This makes it possible for...

CVSS 5.3, EPSS 0.00432
Exploits: 0, References: 4
Tenable Nessus
added 2025/01/18 12:0 a.m., 15 views

Photon OS 5.0: Rsync PHSA-2025-5.0-0447

An update of the rsync package has been released. %NASLMINLEVEL 80900 C Tenable, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2025-5.0-0447. The text itself is copyright C VMware, Inc. include'compat.inc'; if description...

CVSS 9.8, AI score 7.6, EPSS 0.71848
Exploits: 8, References: 7
Vulnrichment
added 2025/01/16 8:7 p.m., 2 views

CVE-2025-23872 WordPress PayForm plugin <= 2.0 - CSRF to Stored XSS vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in payform PayForm payform allows Stored XSS. This issue affects PayForm: from n/a through <= 2.0...

CVSS 7.1, AI score 7.2, EPSS 0.00193
Exploits: 0, References: 1
CVE
added 2025/01/16 8:7 p.m., 43 views

CVE-2025-23871

CVE-2025-23871 is a CSRF vulnerability in the LSD Google Maps Embedder. Public description indicates it affects versions up to 1.1, but the connected Red Hat entry only reiterates the CSRF issue without listing an available patch or fixed version. No exploits, mitigation steps, or precise remedia...

CVSS 7.1, AI score 7.2, EPSS 0.00197
Exploits: 0, References: 1
Vulnrichment
added 2025/01/16 8:6 p.m., 11 views

CVE-2025-23689 WordPress Blogger Image Import plugin <= 2.1 - CSRF to Stored XSS vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Poco Blogger Image Import allows Stored XSS. This issue affects Blogger Image Import: from 2.1 through n/a...

CVSS 7.1, AI score 6.9, EPSS 0.00303
Exploits: 0, References: 1
Vulnrichment
added 2025/01/16 8:6 p.m., 3 views

CVE-2025-23649 WordPress Auphonic Importer plugin <= 1.5.1 - CSRF to Stored XSS vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Kreg Steppe Auphonic Importer auphonic-importer allows Stored XSS. This issue affects Auphonic Importer: from n/a through <= 1.5.1...

CVSS 7.1, AI score 7.2, EPSS 0.00184
Exploits: 0, References: 1
Vulnrichment
added 2025/01/16 8:6 p.m., 4 views

CVE-2025-23660 WordPress MFPlugin plugin <= 1.3 - CSRF to Cross-Site Scripting vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Walter Cerrudo MFPlugin allows Stored XSS. This issue affects MFPlugin: from n/a through 1.3...

CVSS 7.1, AI score 6.8, EPSS 0.00184
Exploits: 0, References: 1
Vulnrichment
added 2025/01/16 8:6 p.m., 3 views

CVE-2025-23537 WordPress add custom google tag manager plugin <= 1.0.3 - CSRF to Stored Cross-Site Scripting vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Oren hahiashvili add custom google tag manager allows Stored XSS. This issue affects add custom google tag manager: from n/a through 1.0.3...

CVSS 7.1, AI score 6.8, EPSS 0.00195
Exploits: 0, References: 1
Patchstack
added 2025/01/16 6:43 p.m., 5 views

WordPress iSpring Embedder plugin <= 1.0 - CSRF to Arbitrary File Upload vulnerability

CSRF to Arbitrary File Upload vulnerability discovered by Colin Xu in WordPress Plugin iSpring Embedder versions <= 1.0...

CVSS 10, AI score 7, EPSS 0.01035
Exploits: 2, Affected Software: 1
Patchstack
added 2025/01/16 6:41 p.m., 2 views

WordPress Group category creator plugin <= 1.3.0.3 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting (XSS) vulnerability discovered by thiennv in WordPress Plugin Group category creator versions <= 1.3.0.3...

CVSS 7.1, AI score 6.1, EPSS 0.00363
Exploits: 0, Affected Software: 1
Patchstack
added 2025/01/16 6:41 p.m., 2 views

WordPress Userbase Access Control plugin <= 1.0 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting (XSS) vulnerability discovered by João Pedro Soares de Alcântara Kinorth in WordPress Plugin Userbase Access Control versions <= 1.0...

CVSS 7.1, AI score 6.1, EPSS 0.00342
Exploits: 0, Affected Software: 1