WordPress Vimeotheque Cross-Site Request Forgery Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress plugin is an application plugin. WordPress Vimeotheque suffers from a cross-site request forgery vulnerability for which no detailed vulnerability details are currently available...

CVE-2025-68599

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Embeds For YouTube Plugin Support YouTube Embed youtube-embed allows Stored XSS.This issue affects YouTube Embed: from n/a through = 5.4...

WordPress CookieHint WP plugin <= 1.0.0 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by Nguyen Xuan Chien in WordPress Plugin CookieHint WP versions = 1.0.0...

WordPress YITH Slider for page builders plugin <= 1.0.11 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Nabil Irawan in WordPress Plugin YITH Slider for page builders versions = 1.0.11...

EUVD-2025-205256

Missing Authorization vulnerability in FolioVision FV Simpler SEO fv-all-in-one-seo-pack allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects FV Simpler SEO: from n/a through = 1.9.6...

CVE-2025-68602 WordPress Accept Donations with PayPal plugin <= 1.5.2 - Open Redirection vulnerability

URL Redirection to Untrusted Site 'Open Redirect' vulnerability in Scott Paterson Accept Donations with PayPal & Stripe easy-paypal-donation allows Phishing.This issue affects Accept Donations with PayPal & Stripe: from n/a through = 1.5.2...

CVE-2025-68573

CVE-2025-68573 is described as a Cross-Site Request Forgery (CSRF) vulnerability in the WordPress plugin Simple Keyword to Link (simple-keyword-to-link). The Initial document states affected range as “Simple Keyword to Link: from n/a through

CVE-2025-68573 WordPress Simple Keyword to Link plugin <= 1.5 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery CSRF vulnerability in Alessandro Piconi Simple Keyword to Link simple-keyword-to-link allows Cross Site Request Forgery.This issue affects Simple Keyword to Link: from n/a through = 1.5...

CVE-2025-68567 WordPress My auctions allegro plugin <= 3.6.33 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery CSRF vulnerability in wphocus My auctions allegro my-auctions-allegro-free-edition allows Cross Site Request Forgery.This issue affects My auctions allegro: from n/a through = 3.6.33...

CVE-2025-67625 WordPress Trade Runner plugin <= 3.14 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery CSRF vulnerability in tmtraderunner Trade Runner traderunner allows Cross Site Request Forgery.This issue affects Trade Runner: from n/a through = 3.14...

CVE-2025-67622

Technical details for CVE-2025-67622 are not provided in the supplied documents. Monitor for updates from official advisories; current data mentions CSRF and Stored XSS claims but lacks concrete product/version/impact details.

CVE-2023-36525 WordPress WPJobBoard plugin <= 5.9.0 - Unauth. Blind SQL Injection (SQLi) vulnerability

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in WPJobBoard allows Blind SQL Injection.This issue affects WPJobBoard: from n/a through 5.9.0...

CVE-2025-68529

Technical details for CVE-2025-68529 are not provided in the supplied connected documents. Current information confirms CSRF vulnerability in WP Email Capture

CVE-2025-68516

CVE-2025-68516: WordPress Tablesome plugin

CVE-2025-68497

The CVE-2025-68497 entry covers a Stored XSS vulnerability in Brainstorm Force Astra Widgets (astra-widgets) affecting versions up to 1.2.16. The root cause is improper neutralization/escaping of user-supplied input during web page generation, enabling arbitrary scripts to be injected into pages ...

PT-2025-53287

Name of the Vulnerable Software and Affected Versions Embeds For YouTube Plugin Support YouTube Embed versions through 5.4 Description The YouTube Embed plugin contains a flaw related to improper input handling during web page generation, leading to a Cross-site Scripting XSS condition. This allo...

WordPress plugin H5P 安全漏洞

WordPress H5P plugin is an open source plugin that allows users to create, manage and embed interactive multimedia content in WordPress websites. A lack of authorization vulnerability exists in WordPress H5P plugin, which can be exploited by an attacker to cause the exploitation of misconfigured...

WordPress plugin Vimeotheque 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress plugin is an application plugin. WordPress Vimeotheque suffers from a cross-site request forgery vulnerability for which no detailed vulnerability details are currently available...

WordPress plugin YouTube Embed 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security...

CVE-2025-68559

TheGem Theme Elements (for Elementor) WordPress plugin is vulnerable to Cross‑Site Scripting (XSS) due to improper input neutralization during web page generation. Affected versions are up to 5.10.5.1. Risk is mitigated by upgrading to a version later than 5.10.5.1, per multiple sources describin...