1726 matches found
CVE-2025-60093 WordPress Download Manager Plugin <= 3.3.24 - Cross Site Request Forgery (CSRF) Vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in Shahjada Download Manager download-manager allows Cross Site Request Forgery. This issue affects Download Manager: from n/a through <= 3.3.24...
CVE-2025-10180
The Markdown Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'markdown' shortcode in all versions up to, and including, 0.2.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticat...
WordPress plugin The Tribal Cross-Site Scripting Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers. WordPress plugin is an application plugin. A cross-site scripting...
WordPress Uni CPO (Premium) plugin <= 4.9.54 - Unauthenticated Arbitrary File Upload via 'uni_cpo_upload_file' vulnerability
Unauthenticated Arbitrary File Upload via 'uni_cpo_upload_file' vulnerability discovered by Ren Voza in WordPress Plugin Uni CPO (Premium) versions <= 4.9.54...
WordPress Append Link on Copy Plugin <= 0.2 - Cross Site Scripting (XSS) Vulnerability
Cross Site Scripting (XSS) Vulnerability discovered by Nabil Irawan in WordPress Plugin Append Link on Copy versions <= 0.2...
CVE-2025-58960 WordPress IP Based Login Plugin <= 2.4.3 - Cross Site Scripting (XSS) Vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in brijeshk89 IP Based Login ip-based-login allows Stored XSS. This issue affects IP Based Login: from n/a through <= 2.4.3...
CVE-2025-58968 WordPress MaxiBlocks Plugin <= 2.1.3 - Broken Access Control Vulnerability
Missing Authorization vulnerability in Christiaan Pieterse MaxiBlocks maxi-blocks allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects MaxiBlocks: from n/a through <= 2.1.3...
CVE-2025-59584 WordPress Penci Podcast Plugin <= 1.6 - Cross Site Scripting (XSS) Vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in PenciDesign Penci Podcast penci-podcast allows DOM-Based XSS. This issue affects Penci Podcast: from n/a through <= 1.6...
CVE-2025-59585
CVE-2025-59585 affects the WordPress plugin Penci Recipe. The connected document confirms a DOM-based XSS due to improper input neutralization during web page generation, affecting Penci Recipe versions from n/a through 4.0. The CVSS metrics indicate a network-accessible, low-privilege, low-impac...
CVE-2025-53455 WordPress CashBill.pl – Płatności WooCommerce Plugin <= 3.2.1 - Cross Site Scripting (XSS) Vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in CashBill CashBill.pl – Płatności WooCommerce cashbill-payment-method allows Stored XSS. This issue affects CashBill.pl – Płatności WooCommerce: from n/a through <= 3.2.1...
CVE-2025-57898 WordPress WP Frontend Admin plugin <= 1.22.7 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Jose Vega WP Frontend Admin display-admin-page-on-frontend allows Stored XSS. This issue affects WP Frontend Admin: from n/a through <= 1.22.7...
CVE-2025-57910 WordPress AnyClip Luminous Studio Plugin <= 1.3.3 - Cross Site Scripting (XSS) Vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in AnyClip Video Platform AnyClip Luminous Studio allows Stored XSS. This issue affects AnyClip Luminous Studio: from n/a through 1.3.3...
CVE-2025-57914 WordPress Deliver via Shipos for WooCommerce plugin <= 3.0.2 - Cross Site Request Forgery (CSRF) vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in Matat Technologies Deliver via Shipos for WooCommerce wc-shipos-delivery allows Cross Site Request Forgery. This issue affects Deliver via Shipos for WooCommerce: from n/a through <= 3.0.2...
CVE-2025-57922 WordPress Envíos Coordinadora Woocommerce Plugin <= 1.1.31 - Sensitive Data Exposure Vulnerability
Insertion of Sensitive Information Into Sent Data vulnerability in Coordinadora Mercantil S.A. Envíos Coordinadora Woocommerce allows Retrieve Embedded Sensitive Data. This issue affects Envíos Coordinadora Woocommerce: from n/a through 1.1.31...
CVE-2025-57922
CVE-2025-57922 concerns Envíos Coordinadora Woocommerce (Coordinadora) before version 1.1.31: Insertion of Sensitive Information Into Sent Data vulnerability that can lead to leakage of embedded sensitive data when data is transmitted. Affected product: Envíos Coordinadora Woocommerce (WordPress ...
CVE-2025-57935 WordPress Bot Block – Stop Spam Referrals in Google Analytics Plugin <= 2.6 - Cross Site Scripting (XSS) Vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Ricky Dawn Bot Block Stop Spam Referrals in Google Analytics allows Stored XSS. This issue affects Bot Block Stop Spam Referrals in Google Analytics: from n/a through 2.6...
CVE-2025-57943
CVE-2025-57943 describes a Server-Side Request Forgery (SSRF) in the WordPress plugin Skimlinks Affiliate Marketing Tool (skimlinks). The issue affects the plugin as installed in versions from n/a through
CVE-2025-57952 WordPress Maps for WP Plugin <= 1.2.5 - Cross Site Scripting (XSS) Vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in icopydoc Maps for WP allows Stored XSS. This issue affects Maps for WP: from n/a through 1.2.5...
CVE-2025-57960
CVE-2025-57960 describes a Cross-Site Request Forgery (CSRF) vulnerability in the Travel Map WordPress plugin. The issue affects the Travel Map plugin version range from not specified to 1.0.3 (i.e., vulnerable in Travel Map: from n/a through 1.0.3). The initial data provides a CVSS 3.1 base scor...
CVE-2025-57961 WordPress CoDesigner plugin <= 4.29 - Broken Access Control vulnerability
Missing Authorization vulnerability in Codexpert, Inc CoDesigner woolementor allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects CoDesigner: from n/a through <= 4.29...