726 matches found
CVE-2025-58702 WordPress MarketKing Plugin <= 2.0.92 - Cross Site Scripting (XSS) Vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WebWizards MarketKing marketking-multivendor-marketplace-for-woocommerce allows Stored XSS. This issue affects MarketKing: from n/a through <= 2.0.92...
WordPress plugin WordPress Widgets Shortcode Cross-Site Scripting Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers. WordPress plugin is an application plugin. A cross-site scripting...
WordPress plugin Image Editor by Pixo Cross-Site Scripting Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers. WordPress plugin is an application plugin ... A cross-site scripting...
WordPress plugin Include Me Cross-Site Scripting Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting vulnerabili...
CVE-2025-58794 WordPress Notification for Telegram plugin <= 3.5 - Cross Site Request Forgery (CSRF) vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in rainafarai Notification for Telegram notification-for-telegram allows Cross Site Request Forgery. This issue affects Notification for Telegram: from n/a through <= 3.5...
WordPress RingCentral Communications 1.6.8 Authentication Bypass
WordPress RingCentral Communications plugin versions 1.5 through 1.6.8 have a missing server-side verification that allows for authentication bypass...
WordPress Yahoo! WebPlayer Plugin <= 2.0.6 - Cross Site Scripting (XSS) Vulnerability
Cross Site Scripting (XSS) Vulnerability discovered by johska in WordPress Plugin Yahoo! WebPlayer versions <= 2.0.6...
WordPress plugin Church Admin Security Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...
CVE-2025-57754
CVE-2025-57754 affects eslint-ban-moment (plugin for ESLint) with versions 3.0.0 and earlier. The root cause is exposure of a sensitive Supabase URI in the .env file, which, if it is valid and contains embedded credentials, can grant an attacker complete unauthorized access and control over the databas...
WordPress plugin Themify Builder Security Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...
CVE-2025-54475
A SQL injection vulnerability in the JS Jobs plugin versions 1.3.2-1.4.4 for Joomla allows low-privilege users to execute arbitrary SQL commands...
CVE-2025-52765 WordPress NetInsight Analytics Implementation Plugin <= 1.0.3 - Cross Site Request Forgery (CSRF) Vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in lisensee NetInsight Analytics Implementation Plugin netinsight-analytics-implementation-plugin allows Stored XSS. This issue affects NetInsight Analytics Implementation Plugin: from n/a through <= 1.0.3...
WordPress plugin Hydra Booking Security Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...
WordPress Premmerce User Roles plugin <= 1.0.13 - Local File Inclusion vulnerability
Local File Inclusion vulnerability discovered by LVT-tholv2k in WordPress Plugin Premmerce User Roles versions <= 1.0.13...
WordPress Wholesale Suite plugin <= 2.2.4.2 - Privilege Escalation vulnerability
Privilege Escalation vulnerability discovered by Phat RiO - BlueRock in WordPress Plugin Wholesale Suite versions <= 2.2.4.2...
CVE-2025-54039
CVE-2025-54039 describes a Cross-Site Request Forgery (CSRF) vulnerability in Toast Plugins Animator, affecting Animator versions n/a through 3.0.16. The CVSS base metrics in the document indicate a medium severity (4.3), with network attack vector, no confidentiality or availability impact, and ...
CVE-2025-7504
The Friends plugin for WordPress is vulnerable to PHP Object Injection in version 3.5.1 via deserialization of untrusted input of the queryvars parameter. This makes it possible for authenticated attackers, with subscriber-level access and above, to inject a PHP Object. No known POP chain is prese...
CVE-2025-49986 WordPress Video List Manager plugin <= 1.7 - Broken Access Control Vulnerability
Missing Authorization vulnerability in thanhtungtnt Video List Manager video-list-manager allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Video List Manager: from n/a through <= 1.7...
CVE-2025-52794 WordPress Creative Contact Form plugin <= 1.0.0 - Cross Site Request Forgery (CSRF) Vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in Creative-Solutions Creative Contact Form sexy-contact-form allows Stored XSS. This issue affects Creative Contact Form: from n/a through <= 1.0.0...
WordPress plugin Login/Signup Popup Cross-Site Scripting Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin that supports personal blog sites on PHP and MySQL servers. A cross-site scripting vulnerability exists in...