CVE-2025-47886

A cross-site request forgery CSRF vulnerability in Jenkins Cadence vManager Plugin 4.0.1-286.v9e25a740ba48 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified username and password...

WordPress plugin Instantio 代码问题漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A code issue...

WordPress WZ Followed Posts plugin <= 3.1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by muhammad yudha in WordPress Plugin WZ Followed Posts - Display what visitors are reading versions = 3.1.0...

WordPress Homey plugin <= 2.4.4 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Reservation & Post Deletion vulnerability

Missing Authorization to Authenticated Subscriber+ Arbitrary Reservation & Post Deletion vulnerability discovered by a00n in WordPress Theme Homey versions = 2.4.4...

WordPress AM LottiePlayer plugin <= 3.5.3 - Authenticated (Author+) Stored Cross-Site Scripting via Uploaded Lottie File vulnerability

Authenticated Author+ Stored Cross-Site Scripting via Uploaded Lottie File vulnerability discovered by Avraham Shemesh in WordPress Plugin AM LottiePlayer versions = 3.5.3...

WordPress plugin abcsubmit code injection vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A code injection...

CVE-2025-3106

The LA-Studio Element Kit for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Table of Contents widget in all versions up to, and including, 1.4.9 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it...

WordPress Aeropage Sync for Airtable plugin <= 3.2.0 - Authenticated (Subscriber+) Arbitrary File Upload vulnerability

Authenticated Subscriber+ Arbitrary File Upload vulnerability discovered by Cheng Liu in WordPress Plugin Aeropage Sync for Airtable versions = 3.2.0...

CVE-2025-46502 WordPress LSD Custom taxonomy and category meta plugin <= 1.3.2 - CSRF to XSS vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Bas Matthee LSD Custom taxonomy and category meta allows Cross Site Request Forgery. This issue affects LSD Custom taxonomy and category meta: from n/a through 1.3.2...

CVE-2025-46492 WordPress Call Now PHT Blog plugin <= 2.4.1 - CSRF to XSS vulnerability

Cross-Site Request Forgery CSRF vulnerability in Pham Thanh Call Now PHT Blog allows Stored XSS. This issue affects Call Now PHT Blog: from n/a through 2.4.1...

WordPress plugin Social Counter 代码问题漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A code issue vulnerability...

WordPress plugin Mang Board WP 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripti...

CVE-2025-27333 WordPress Protected wp-login Plugin <= 2.1 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in alvego Protected wp-login protected-wp-login allows Reflected XSS.This issue affects Protected wp-login: from n/a through = 2.1...

CVE-2025-32504 WordPress Silvasoft boekhouden plugin <= 3.0.6 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in silvasoft Silvasoft boekhouden silvasoft-boekhouden allows Reflected XSS.This issue affects Silvasoft boekhouden: from n/a through = 3.0.6...

CVE-2025-39415

Summary of CVE-2025-39415 (Social Media Links) A CSRF flaw in the WordPress plugin Social Media Links (by Jayesh Parejiya) enables Stored XSS in versions up to 1.0.3 (affected: 0.0 through 1.0.3). Public sources consistently describe the issue as a CSRF that permits injection of stored scripts, w...

CVE-2025-39414 WordPress spam-stopper plugin <= 3.1.3 - CSRF to Stored XSS vulnerability

Cross-Site Request Forgery CSRF vulnerability in Mike spam-stopper spam-stopper allows Stored XSS.This issue affects spam-stopper: from n/a through = 3.1.3...

CVE-2025-39416 WordPress translit it! plugin <= 1.6 - CSRF to Stored XSS vulnerability

Cross-Site Request Forgery CSRF vulnerability in Ichi translit it! allows Stored XSS. This issue affects translit it!: from n/a through 1.6...

CVE-2025-39455 WordPress IP2Location Variables plugin <= 2.9.5 - CSRF to Cross Site Scripting (XSS) vulnerability

Cross-Site Request Forgery CSRF vulnerability in ip2location IP2Location Variables allows Reflected XSS. This issue affects IP2Location Variables: from n/a through 2.9.5...

WordPress plugin WordPress Photo Gallery – Image Gallery 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting...

WordPress plugin Payment Form for PayPal Pro 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...