CVE-2025-69007 WordPress Popping Sidebars and Widgets Light plugin <= 1.27 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in OTWthemes Popping Sidebars and Widgets Light popping-sidebars-and-widgets-light allows Stored XSS.This issue affects Popping Sidebars and Widgets Light: from n/a through = 1.27...

CVE-2025-23554 WordPress Off Page SEO plugin <= 3.0.3 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Jakub Glos Off Page SEO off-page-seo allows Reflected XSS.This issue affects Off Page SEO: from n/a through = 3.0.3...

CVE-2025-23469 WordPress Sleekplan plugin <= 0.2.0 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Sleekplan allows Reflected XSS.This issue affects Sleekplan: from n/a through 0.2.0...

CVE-2025-68860 WordPress Mobile builder plugin <= 1.4.2 - Broken Authentication vulnerability

Authentication Bypass Using an Alternate Path or Channel vulnerability in Mobile Builder Mobile builder mobile-builder allows Authentication Abuse.This issue affects Mobile builder: from n/a through = 1.4.2...

CVE-2025-68879 WordPress Content Grid Slider plugin <= 1.5 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in councilsoft Content Grid Slider content-grid-slider allows Reflected XSS.This issue affects Content Grid Slider: from n/a through = 1.5...

WordPress Visitor Stats Widget plugin <= 1.5.0 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting XSS vulnerability discovered by Nguyen Xuan Chien in WordPress Plugin Visitor Stats Widget versions = 1.5.0...

WordPress Quiz Maker 6.7.0.56 - SQL Injection

Exploit Title: WordPress Quiz Maker 6.7.0.56 - SQL Injection Date: 2025-12-16 Exploit Author: Rahul Sreenivasan Tr0j4n Vendor Homepage: https://ays-pro.com/wordpress/quiz-maker Software Link: https://wordpress.org/plugins/quiz-maker/ Version: = 6.7.0.56 Tested on: WordPress 6.x with Quiz Maker...

CVE-2025-68605 WordPress Post Grid and Gutenberg Blocks plugin <= 2.3.23 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in PickPlugins Post Grid and Gutenberg Blocks post-grid allows Stored XSS.This issue affects Post Grid and Gutenberg Blocks: from n/a through = 2.3.23...

CVE-2025-68590 WordPress Integration for Contact Form 7 HubSpot plugin <= 1.4.2 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in CRM Perks Integration for Contact Form 7 HubSpot cf7-hubspot allows Blind SQL Injection.This issue affects Integration for Contact Form 7 HubSpot: from n/a through = 1.4.2...

CVE-2025-68567

Technical details for CVE-2025-68567 are not provided in the supplied connected documents. Public disclosure/updates should be monitored for the affected plugin (my-auctions-allegro-free-edition). No vendor/product specifics beyond the description are available here.

CVE-2025-67631 WordPress Gift Hunt plugin <= 2.0.2 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Ecommerce Platforms Gift Hunt gift-hunt allows Stored XSS.This issue affects Gift Hunt: from n/a through = 2.0.2...

CVE-2025-67625 WordPress Trade Runner plugin <= 3.14 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery CSRF vulnerability in tmtraderunner Trade Runner traderunner allows Cross Site Request Forgery.This issue affects Trade Runner: from n/a through = 3.14...

CVE-2023-32120

CVE-2023-32120 affects the WordPress plugin Hostel. The issue is an XSS vulnerability caused by improper neutralization of input during web page generation, enabling DOM-based XSS in affected versions up to 1.1.5.1. A fix is available in version 1.1.5.2. Multiple connected sources corroborate thi...

CVE-2025-68563 WordPress Subscribe to Unlock Lite plugin <= 1.3.0 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in WP Shuffle Subscribe to Unlock Lite subscribe-to-unlock-lite allows PHP Local File Inclusion.This issue affects Subscribe to Unlock Lite: from n/a through = 1.3.0...

WordPress plugin Twitch Player 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security vulnerabili...

WordPress WooMulti plugin <= 1.7 - Authenticated (Subscriber+) Arbitrary File Deletion vulnerability

Authenticated Subscriber+ Arbitrary File Deletion vulnerability discovered by Khaled Alenazi Nxploited in WordPress Plugin WooMulti versions = 1.7...

CVE-2025-14734

CVE-2025-14734 concerns the Amazon affiliate lite Plugin for WordPress. The vulnerability is a Cross-Site Request Forgery (CSRF) affecting all versions up to 1.0.0, caused by missing or incorrect nonce validation in the ADAL_settings_page function. This enables unauthenticated attackers to update...

CVE-2025-63043 WordPress Post Grid and Gutenberg Blocks plugin <= 2.3.23 - Insecure Direct Object References (IDOR) vulnerability

Authorization Bypass Through User-Controlled Key vulnerability in PickPlugins Post Grid and Gutenberg Blocks post-grid allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Post Grid and Gutenberg Blocks: from n/a through = 2.3.23...

CVE-2025-60089

Deserialization of Untrusted Data vulnerability in CRM Perks WP Gravity Forms FreshDesk Plugin gf-freshdesk allows Object Injection.This issue affects WP Gravity Forms FreshDesk Plugin: from n/a through = 1.3.5...

CVE-2025-67546 WordPress WP ERP plugin <= 1.16.6 - Sensitive Data Exposure vulnerability

Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in weDevs WP ERP erp allows Retrieve Embedded Sensitive Data.This issue affects WP ERP: from n/a through = 1.16.6...