WordPress Bootstrap Modals plugin <= 1.3.2 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin Bootstrap Modals versions = 1.3.2...

CVE-2025-62096

CVE-2025-62096 corresponds to a Stored XSS in the WordPress plugin Maximum Products per User for WooCommerce. The Wordfence entry (connected document) lists the affected software as Maximum Products per User for WooCommerce and notes vulnerability type as Authenticated (Contributor+) Stored Cross...

CVE-2025-62111 WordPress Extra Shortcodes plugin <= 2.2 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in webvitaly Extra Shortcodes extra-shortcodes allows Stored XSS.This issue affects Extra Shortcodes: from n/a through = 2.2...

CVE-2025-62111

CVE-2025-62111 affects the WordPress plugin Extra Shortcodes (

WordPress Extra Shortcodes plugin <= 2.2 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin Extra Shortcodes versions = 2.2...

CVE-2025-62743 WordPress MyBookTable Bookstore plugin <= 3.5.5 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in zookatron MyBookTable Bookstore allows Stored XSS.This issue affects MyBookTable Bookstore: from n/a through 3.5.5...

CVE-2025-62744 WordPress Page Title Splitter plugin <= 2.5.9 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Chris Steman Page Title Splitter page-title-splitter allows Stored XSS.This issue affects Page Title Splitter: from n/a through = 2.5.9...

WordPress Web and WooCommerce Addons for WPBakery Builder plugin <= 1.5 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin Web and WooCommerce Addons for WPBakery Builder versions = 1.5...

CVE-2025-62749 WordPress User Specific Content plugin <= 1.0.6 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Bainternet User Specific Content allows DOM-Based XSS.This issue affects User Specific Content: from n/a through 1.0.6...

CVE-2025-62135 WordPress Responsive Block Control plugin <= 1.3.0 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in landwire Responsive Block Control responsive-block-control allows DOM-Based XSS.This issue affects Responsive Block Control: from n/a through = 1.3.0...

WordPress Follow My Blog Post plugin <= 2.4.0 - Arbitrary Content Deletion vulnerability

Arbitrary Content Deletion vulnerability discovered by Denver Jackson in WordPress Plugin Follow My Blog Post versions = 2.4.0...

CVE-2025-62757 WordPress WebMan Amplifier plugin <= 1.5.12 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in WebMan Design | Oliver Juhas WebMan Amplifier allows DOM-Based XSS.This issue affects WebMan Amplifier: from n/a through 1.5.12...

WordPress The Moneytizer plugin <= 10.0.9 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin The Moneytizer versions = 10.0.9...

CVE-2025-14434

The Ultimate Post Kit Addons for Elementor WordPress plugin before 4.0.16 exposes multiple AJAX “load more” endpoints such as upkalexgridloadmoreposts without ensuring that posts to be displayed are published authentication. This allows an unauthenticated attacker to query arbitrary posts and...

CVE-2025-49353

Technical details for CVE-2025-49353 (Noindex by Path) are not provided in the supplied documents; public information about affected versions, impact, and remediation is not available here. Monitor for updates.

WordPress SensitiveTagCloud plugin <= 1.4.1 - Cross Site Request Forgery (CSRF) vulnerability

Cross Site Request Forgery CSRF vulnerability discovered by Skalucy in WordPress Plugin SensitiveTagCloud versions = 1.4.1...

CVE-2025-59137 WordPress Behance Portfolio Manager plugin <= 1.7.5 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery CSRF vulnerability in eleopard Behance Portfolio Manager portfolio-manager-powered-by-behance allows Stored XSS.This issue affects Behance Portfolio Manager: from n/a through = 1.7.5...

WordPress Auto Thickbox plugin <= 3.5 - Authenticated (Contributor+) Stored DOM-Based Cross-Site Scripting via ThickBox JavaScript Library vulnerability

Authenticated Contributor+ Stored DOM-Based Cross-Site Scripting via ThickBox JavaScript Library vulnerability discovered by Webbernaut in WordPress Plugin Auto Thickbox versions = 3.5...

WordPress GDPR Cookie Compliance plugin < 4.15.9 - Admin+ Stored XSS vulnerability

Admin+ Stored XSS vulnerability discovered by Dmitrii Ignatyev in WordPress Plugin GDPR Cookie Compliance versions 4.15.9...

WordPress plugin FormFacade 跨站请求伪造漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin.... A cross-sit...