WordPress s2Member plugin <= 250905 - Remote Code Execution (RCE) vulnerability

Remote Code Execution RCE vulnerability discovered by ? in WordPress Plugin s2Member versions = 250905...

CVE-2025-57933

Technical details of CVE-2025-57933 are not provided in the connected documents. The initial description notes a CSRF issue in Piotnet Forms affecting versions from n/a to 1.0.30; monitor for official vendor advisories or patches for specifics.

CVE-2025-58235

CVE-2025-58235 affects the WordPress plugin Front End Users (front-end-only-users). The connected Wordfence entry specifies an Authenticated (Contributor+) Stored XSS vulnerability in Front End Users

CVE-2025-58657 WordPress Grid plugin <= 2.3.1 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery CSRF vulnerability in EdwardBock Grid grid allows Stored XSS.This issue affects Grid: from n/a through = 2.3.1...

CVE-2025-58702 WordPress MarketKing Plugin <= 2.0.92 - Cross Site Scripting (XSS) Vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in WebWizards MarketKing marketking-multivendor-marketplace-for-woocommerce allows Stored XSS.This issue affects MarketKing: from n/a through = 2.0.92...

WordPress plugin WordPress Widgets Shortcode 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A cross-site scripting...

WordPress plugin Image Editor by Pixo 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin ... A cross-site scripting...

WordPress plugin Include Me 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting vulnerabili...

CVE-2025-58794 WordPress Notification for Telegram plugin <= 3.5 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery CSRF vulnerability in rainafarai Notification for Telegram notification-for-telegram allows Cross Site Request Forgery.This issue affects Notification for Telegram: from n/a through = 3.5...

WordPress RingCentral Communications 1.6.8 Authentication Bypass

WordPress RingCentral Communications plugin versions 1.5 through 1.6.8 have a missing server-side verification that allows for authentication bypass...

WordPress Yahoo! WebPlayer Plugin <= 2.0.6 - Cross Site Scripting (XSS) Vulnerability

Cross Site Scripting XSS Vulnerability discovered by johska in WordPress Plugin Yahoo! WebPlayer versions = 2.0.6...

WordPress plugin Church Admin 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

CVE-2025-57754

CVE-2025-57754 affects eslint-ban-moment (plugin for ESLint) with versions 3.0.0 and earlier. The root cause is exposure of a sensitive Supabase URI in the .env file, which, if valid and contains embedded credentials, can grant an attacker complete unauthorized access and control over the databas...

WordPress plugin Themify Builder 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

CVE-2025-54475

A SQL injection vulnerability in the JS Jobs plugin versions 1.3.2-1.4.4 for Joomla allows low-privilege users to execute arbitrary SQL commands...

CVE-2025-52765 WordPress NetInsight Analytics Implementation Plugin <= 1.0.3 - Cross Site Request Forgery (CSRF) Vulnerability

Cross-Site Request Forgery CSRF vulnerability in lisensee NetInsight Analytics Implementation Plugin netinsight-analytics-implementation-plugin allows Stored XSS.This issue affects NetInsight Analytics Implementation Plugin: from n/a through = 1.0.3...

WordPress plugin Hydra Booking 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

WordPress Premmerce User Roles plugin <= 1.0.13 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by LVT-tholv2k in WordPress Plugin Premmerce User Roles versions = 1.0.13...

WordPress Wholesale Suite plugin <= 2.2.4.2 - Privilege Escalation vulnerability

Privilege Escalation vulnerability discovered by Phat RiO - BlueRock in WordPress Plugin Wholesale Suite versions = 2.2.4.2...

CVE-2025-54039

CVE-2025-54039 describes a Cross-Site Request Forgery (CSRF) vulnerability in Toast Plugins Animator, affecting Animator versions n/a through 3.0.16. The CVSS base metrics in the document indicate a medium severity (4.3), with network attack vector, no confidentiality or availability impact, and ...