WordPress plugin davaxi Goracash 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A cross-site scripting...

WordPress plugin WP Hotel Booking 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security...

CVE-2025-10049

The Responsive Filterable Portfolio plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation via the HdnMediaSelectionimage field in all versions up to, and including, 1.0.24. This makes it possible for authenticated attackers, with Administrator-level acce...

CVE-2025-8398

CVE-2025-8398 concerns the azurecurve BBCode WordPress plugin. The vulnerability is a Stored Cross-Site Scripting (XSS) via the plugin’s url shortcode in all versions up to and including 2.0.4. It affects authenticated users with contributor-level access and above, enabling injection of scripts t...

WordPress plugin Analytics Reduce Bounce Rate 跨站请求伪造漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site request forgery vulnerability...

CVE-2025-39523 WordPress GoodBarber plugin <= 1.0.26 - Open Redirection Vulnerability

URL Redirection to Untrusted Site 'Open Redirect' vulnerability in GoodBarber GoodBarber goodbarber.This issue affects GoodBarber: from n/a through = 1.0.26...

WordPress Admin Menu Editor plugin <= 1.14 - Authenticated (Contributor+) Stored Cross-Site Scripting via placeholder Parameter vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via placeholder Parameter vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin Admin Menu Editor versions = 1.14...

CVE-2025-58875 WordPress WP Github Gist Plugin <= 0.5 - Cross Site Scripting (XSS) Vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Sudar Muthu WP Github Gist wp-github-gist allows Stored XSS.This issue affects WP Github Gist: from n/a through = 0.5...

CVE-2025-58863 WordPress Zoomify embed for WP Plugin <= 1.5.2 - Cross Site Scripting (XSS) Vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in SdeWijs Zoomify embed for WP zoom-image-shortcode allows Stored XSS.This issue affects Zoomify embed for WP: from n/a through = 1.5.2...

CVE-2025-58862

CVE-2025-58862 affects WordPress WordPress Events Calendar Plugin – connectDaily (versions

CVE-2025-58851

CVE-2025-58851 concerns the WordPress plugin Boxed Content (Boxed Content,

CVE-2025-58848 WordPress WP likes Plugin <= 3.1.1 - Cross Site Request Forgery (CSRF) Vulnerability

Cross-Site Request Forgery CSRF vulnerability in aakash1911 WP likes wp-likes allows Reflected XSS.This issue affects WP likes: from n/a through = 3.1.1...

CVE-2025-58839 WordPress eDS Responsive Menu Plugin <= 1.2 - PHP Object Injection Vulnerability

Deserialization of Untrusted Data vulnerability in aThemeArt Translations eDS Responsive Menu eds-responsive-menu allows Object Injection.This issue affects eDS Responsive Menu: from n/a through = 1.2...

CVE-2025-58820 WordPress Carousel Ultimate Plugin <= 1.8 - Cross Site Scripting (XSS) Vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Themepoints Carousel Ultimate carousel allows Stored XSS.This issue affects Carousel Ultimate: from n/a through = 1.8...

CVE-2025-58805 WordPress Widgetize Pages Light Plugin <= 3.0 - Cross Site Scripting (XSS) Vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in OTWthemes Widgetize Pages Light widgetize-pages-light allows Stored XSS.This issue affects Widgetize Pages Light: from n/a through = 3.0...

CVE-2025-58787

CVE-2025-58787 involves the WordPress plugin Themify Popup. The vulnerability is a stored XSS caused by improper neutralization of input during web page generation, affecting Themify Popup versions up to and including 1.4.4. Exploitation would occur when user-supplied input is stored and later re...

WordPress plugin Easy Download Media Counter Cross Site Scripting Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting vulnerabilit...

WordPress plugin Notification for Telegram 跨站请求伪造漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. A cross-site request forge...

WordPress plugin Simple Price Calculator 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

CVE-2025-58618

CVE-2025-58618 affects the WordPress Pie Calendar plugin up to version 1.2.8. The vulnerability is a DOM-based XSS due to improper input neutralization during web page generation. Impact is described as a cross-site scripting risk within Pie Calendar’s calendar rendering, potentially enabling inj...