
15885 matches found

Cvelist
added 2026/01/22 4:52 p.m., 16 views

CVE-2025-68035 WordPress Tabby Checkout plugin <= 5.8.4 - Sensitive Data Exposure vulnerability

Insertion of Sensitive Information Into Sent Data vulnerability in tabbyai Tabby Checkout tabby-checkout allows Retrieve Embedded Sensitive Data. This issue affects Tabby Checkout: from n/a through <= 5.8.4...

CVSS 7.5, EPSS 0.00303
Exploits: 0, References: 1

CVE
added 2026/01/22 4:52 p.m., 7 views

CVE-2025-68030

Summary (CVE-2025-68030) The WordPress plugin Frontis Blocks (Frontis Blocks — Block Library for the Block Editor) is affected up to version 1.1.5. A Server-Side Request Forgery (SSRF) vulnerability exists in the frontis-blocks component, exploitable via the url parameter, enabling the SSRF issue...

CVSS 7.2, AI score 5.4, EPSS 0.00248
Exploits: 0, References: 1

Vulnrichment
added 2026/01/22 4:52 p.m., 1 view

CVE-2025-68011 WordPress GLS Shipping for WooCommerce plugin <= 1.4.0 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in GLS GLS Shipping for WooCommerce gls-shipping-for-woocommerce allows Reflected XSS. This issue affects GLS Shipping for WooCommerce: from n/a through <= 1.4.0...

AI score 5.9, EPSS 0.00237
Exploits: 0, References: 1

Vulnrichment
added 2026/01/22 4:52 p.m., 2 views

CVE-2025-68012 WordPress CodeColorer plugin <= 0.10.1 - Stored Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Dmytro Shteflyuk CodeColorer codecolorer allows Stored XSS. This issue affects CodeColorer: from n/a through <= 0.10.1...

CVSS 7.1, AI score 5.9, EPSS 0.0023
Exploits: 0, References: 1

CVE
added 2026/01/22 4:51 p.m., 10 views

CVE-2025-68001

CVE-2025-68001 affects garidium g-FFL Checkout (WordPress plugin) ≤ 2.1.0 and is an Unrestricted Upload of a File with Dangerous Type, enabling a Web Shell upload to the server. Root cause: improper validation/allowance of dangerous file types during upload. Impact: potential remote code executio...

CVSS 10, AI score 5.4, EPSS 0.00564
Exploits: 2, References: 1

CVE
added 2026/01/22 4:51 p.m., 7 views

CVE-2025-67960

CVE-2025-67960 describes a Reflected XSS in the WordPress plugin WorkScout-Core (purethemes WorkScout-Core) affecting versions up to 1.7.06. The issue is caused by improper neutralization of input during web page generation (cross-site scripting). The connected Wordfence details confirm this CVE ...

CVSS 7.1, AI score 5.4, EPSS 0.0023
Exploits: 0, References: 1

Cvelist
added 2026/01/22 4:51 p.m., 15 views

CVE-2025-67943 WordPress My auctions allegro plugin <= 3.6.32 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in wphocus My auctions allegro my-auctions-allegro-free-edition allows Reflected XSS. This issue affects My auctions allegro: from n/a through <= 3.6.32...

CVSS 7.1, EPSS 0.0023
Exploits: 0, References: 1

Vulnrichment
added 2026/01/22 4:51 p.m., 3 views

CVE-2025-67923 WordPress JetEngine plugin <= 3.7.7 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Crocoblock JetEngine jet-engine allows Reflected XSS. This issue affects JetEngine: from n/a through <= 3.7.7...

CVSS 7.1, AI score 5.9, EPSS 0.00256
Exploits: 0, References: 1

CVE
added 2026/01/22 4:51 p.m., 9 views

CVE-2025-67626

CVE-2025-67626 shows a Cross-Site Request Forgery (CSRF) vulnerability in the WordPress plugin WP SEO Search (wp-seo-search) by Angel Costa. Affected versions are WP SEO Search: from n/a through

CVSS 4.3, AI score 5.4, EPSS 0.00133
Exploits: 0, References: 1

CVE
added 2026/01/22 4:51 p.m., 8 views

CVE-2025-66136

CVE-2025-66136 is a confirmed Missing Authorization vulnerability in the WordPress plugin Carter for Elementor (Carter for Elementor) affecting versions up to 1.0.2. Public docs describe an access-control misconfiguration that enables exploitation via improper authorization, with the NVD entry no...

CVSS 5.4, AI score 5.4, EPSS 0.00245
Exploits: 0, References: 1

Vulnrichment
added 2026/01/22 4:51 p.m., 2 views

CVE-2025-63051 WordPress REHub Framework plugin < 19.9.9.4 - Sensitive Data Exposure vulnerability

Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in sizam REHub Framework rehub-framework allows Retrieve Embedded Sensitive Data. This issue affects REHub Framework: from n/a through 19.9.9.4...

CVSS 4.3, AI score 5.9, EPSS 0.00314
Exploits: 0, References: 1

Cvelist
added 2026/01/22 4:51 p.m., 14 views

CVE-2025-63051 WordPress REHub Framework plugin < 19.9.9.4 - Sensitive Data Exposure vulnerability

Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in sizam REHub Framework rehub-framework allows Retrieve Embedded Sensitive Data. This issue affects REHub Framework: from n/a through 19.9.9.4...

CVSS 4.3, EPSS 0.00314
Exploits: 0, References: 1

Vulnrichment
added 2026/01/22 4:51 p.m., 2 views

CVE-2025-63017 WordPress WerkStatt plugin plugin <= 1.6.6 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in fuelthemes WerkStatt Plugin werkstatt-plugin allows PHP Local File Inclusion. This issue affects WerkStatt Plugin: from n/a through <= 1.6.6...

CVSS 7.5, AI score 5.3, EPSS 0.00515
Exploits: 0, References: 1

CVE
added 2026/01/22 4:51 p.m., 11 views

CVE-2025-62077

The CVE-2025-62077 entry concerns the WordPress Affiliate Link Tracker plugin, affected versions through 0.2. The vulnerability is Stored XSS caused by improper input handling during web page generation, as stated across Red Hat, NVD, CVE records and third-party sources. Impact is defined as stor...

CVSS 5.9, AI score 5.4, EPSS 0.00252
Exploits: 0, References: 1

Vulnrichment
added 2026/01/22 4:51 p.m., 2 views

CVE-2025-52762 WordPress flexo-posts-manager Plugin <= 1.0001 - Cross Site Scripting (XSS) Vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in flexostudio flexo-posts-manager flexo-posts-manager allows Reflected XSS. This issue affects flexo-posts-manager: from n/a through <= 1.0001...

CVSS 7.1, AI score 5.9, EPSS 0.00263
Exploits: 0, References: 1

Vulnrichment
added 2026/01/22 4:51 p.m., 3 views

CVE-2025-47666 WordPress Image&Video FullScreen Background plugin <= 1.6.7 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in LambertGroup Image&Video FullScreen Background lbgfullscreenfullwidthslider allows Reflected XSS. This issue affects Image&Video FullScreen Background: from n/a through <= 1.6.7...

CVSS 7.1, AI score 5.9, EPSS 0.00263
Exploits: 0, References: 1

Patchstack
added 2026/01/22 11:17 a.m., 6 views

WordPress Final User plugin <= 1.2.5 - Privilege Escalation vulnerability

Privilege Escalation vulnerability discovered by Phat RiO - BlueRock in WordPress Plugin Final User versions <= 1.2.5...

CVSS 8.8, AI score 5.4, EPSS 0.00278
Exploits: 0, Affected Software: 1

Patchstack
added 2026/01/22 7:15 a.m., 2 views

WordPress Hotel Listing plugin <= 1.4.2 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Phat RiO - BlueRock in WordPress Plugin Hotel Listing versions <= 1.4.2...

CVSS 7.6, AI score 5.4, EPSS 0.00325
Exploits: 0, Affected Software: 1

Patchstack
added 2026/01/22 6:53 a.m., 3 views

WordPress Hospital Doctor Directory plugin <= 1.3.9 - Privilege Escalation vulnerability

Privilege Escalation vulnerability discovered by Phat RiO - BlueRock in WordPress Plugin Hospital Doctor Directory versions <= 1.3.9...

CVSS 8.8, AI score 5.4, EPSS 0.00378
Exploits: 0, Affected Software: 1

CVE
added 2026/01/22 6:47 a.m., 42 views

CVE-2026-0920

CVE-2026-0920 affects the WordPress plugin “LA-Studio Element Kit for Elementor” (≤ 1.5.6.3). The root cause is a missing role restriction in the AJAX registration handler (ajax_register_handle), which lets unauthenticated users supply the lakit_bkrole parameter and create an administrator accoun...

CVSS 9.8, AI score 5.5, EPSS 0.01078
In wild, Exploits: 5, References: 3