WordPress plugin Catch Dark Mode 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on servers running PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability exists in...

CVE-2025-31586

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in GhozyLab Gallery – Photo Albums Plugin easy-media-gallery allows Stored XSS.This issue affects Gallery – Photo Albums Plugin: from n/a through = 1.3.170...

CVE-2025-31078 WordPress Small Package Quotes – Worldwide Express Edition plugin <= 5.2.18 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in enituretechnology Small Package Quotes – Worldwide Express Edition small-package-quotes-wwe-edition allows Reflected XSS.This issue affects Small Package Quotes – Worldwide Express Edition: from n/...

WordPress ACF City Selector plugin <= 1.17.0 - Sensitive Data Exposure vulnerability

Sensitive Data Exposure vulnerability discovered by Abdi Pranata in WordPress Plugin ACF City Selector versions = 1.17.0...

CVE-2025-31908 WordPress JSON Structuring Markup plugin <= 0.1 - CSRF to Stored XSS vulnerability

Cross-Site Request Forgery CSRF vulnerability in Sami Ahmed Siddiqui JSON Structuring Markup allows Stored XSS. This issue affects JSON Structuring Markup: from n/a through 0.1...

CVE-2025-31822 WordPress WordPress Simple HTML Sitemap plugin <= 3.4 - Broken Access Control vulnerability

Missing Authorization vulnerability in Ashish Ajani WP Simple HTML Sitemap wp-simple-html-sitemap allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Simple HTML Sitemap: from n/a through = 3.5...

CVE-2025-31796 WordPress ElementsCSS Addons for Elementor plugin <= 1.0.8.9 - Server Side Request Forgery (SSRF) vulnerability

Server-Side Request Forgery SSRF vulnerability in TheInnovs ElementsCSS Addons for Elementor css-for-elementor allows Server Side Request Forgery.This issue affects ElementsCSS Addons for Elementor: from n/a through = 1.0.8.9...

CVE-2025-31738 WordPress LeadQuizzes Plugin <= 1.1.0 - Stored Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in yazamodeveloper LeadQuizzes allows Stored XSS. This issue affects LeadQuizzes: from n/a through 1.1.0...

WordPress plugin ContentBot AI Writer 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripti...

WordPress Rich Text Editor plugin <= 1.0.1 - CSRF to Stored XSS vulnerability

CSRF to Stored XSS vulnerability discovered by SOPROBRO in WordPress Plugin Rich Text Editor versions = 1.0.1...

WordPress Appointy Appointment Scheduler plugin <= 4.2.1 - CSRF to Settings Change vulnerability

CSRF to Settings Change vulnerability discovered by Dhabaleshwar Das in WordPress Plugin Appointy Appointment Scheduler versions = 4.2.1...

CVE-2025-31623 WordPress Rich Text Editor plugin <= 1.0.1 - CSRF to Stored XSS vulnerability

Cross-Site Request Forgery CSRF vulnerability in richtexteditor Rich Text Editor richtexteditor allows Stored XSS.This issue affects Rich Text Editor: from n/a through = 1.0.1...

CVE-2025-31616 WordPress Varnish WordPress plugin <= 1.7 - CSRF to Stored XSS vulnerability

Cross-Site Request Forgery CSRF vulnerability in AdminGeekZ Varnish WordPress allows Cross Site Request Forgery. This issue affects Varnish WordPress: from n/a through 1.7...

CVE-2025-31585 WordPress Leadfox for WordPress plugin <= 2.1.9 - CSRF to Stored XSS vulnerability

Cross-Site Request Forgery CSRF vulnerability in leadfox Leadfox for WordPress leadfox allows Cross Site Request Forgery.This issue affects Leadfox for WordPress: from n/a through = 2.1.9...

WordPress plugin ContentMX Content Publisher 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

WordPress Browser Caching with .htaccess 1.2.1 plugin - Cross Site Request Forgery (CSRF) Vulnerability

Cross Site Request Forgery CSRF Vulnerability discovered by Nguyen Xuan Chien in WordPress Plugin Browser Caching with .htaccess versions 1.2.1...

CVE-2025-31440 WordPress Terms of Use plugin <= 2.0 - Cross Site Request Forgery (CSRF) to Stored XSS vulnerability

Cross-Site Request Forgery CSRF vulnerability in Strategy11 Team Terms of Use terms-of-use-2 allows Stored XSS.This issue affects Terms of Use: from n/a through = 2.0...

CVE-2025-31459 WordPress Login Alert plugin <= 0.2.1 - CSRF to Stored XSS vulnerability

Cross-Site Request Forgery CSRF vulnerability in PasqualePuzio Login Alert allows Stored XSS. This issue affects Login Alert: from n/a through 0.2.1...

CVE-2025-31077 WordPress Ultimate Blocks plugin <= 3.2.7 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Ultimate Blocks Ultimate Blocks allows DOM-Based XSS. This issue affects Ultimate Blocks: from n/a through 3.2.7...

CVE-2025-31077

CVE-2025-31077 is a stored XSS in Ultimate Blocks (WordPress Blocks Plugin) affecting versions up to 3.2.7. The Wordfence vulnerability listing notes authenticated access (Contributor+) as the prerequisite and that a patch exists; upgrade to version 3.2.7+ to remediate.