
15887 matches found

Patchstack
added 2025/11/26 6:48 a.m. | 15 views

WordPress AI Feeds plugin <= 1.0.11 - Unauthenticated Arbitrary File Upload vulnerability

Unauthenticated Arbitrary File Upload vulnerability discovered by Ryan Kozak in WordPress Plugin AI Feeds versions <= 1.0.11...

CVSS 9.8 | AI score 7 | EPSS 0.00856
Exploits: 3 | References: 1 | Affected Software: 1

Patchstack
added 2025/11/26 1:38 a.m. | 4 views

WordPress Donation Thermometer plugin <= 2.2.6 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting (XSS) vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin Donation Thermometer versions <= 2.2.6...

CVSS 6.5 | AI score 6.1 | EPSS 0.00161
Exploits: 0 | Affected Software: 1

Patchstack
added 2025/11/25 10:27 p.m. | 10 views

WordPress Search Exclude plugin <= 2.5.7 – Missing Authorization to Authenticated (Contributor+) Search Settings Modification via REST API vulnerability

Missing Authorization to Authenticated (Contributor+) Search Settings Modification via REST API vulnerability discovered by Lucas Montes Nirox in WordPress Plugin Search Exclude versions <= 2.5.7...

CVSS 4.3 | AI score 7 | EPSS 0.00159
Exploits: 0 | References: 1 | Affected Software: 1

CVE
added 2025/11/25 7:28 a.m. | 28 views

CVE-2025-13380

The CVE-2025-13380 entry affects the WordPress plugin AI Engine for WordPress: ChatGPT, GPT Content Generator, vulnerable in all versions up to 1.0.1. Root cause is insufficient validation of user-supplied file paths in the lqdai_update_post AJAX endpoint and use of file_get_contents() with user-...

CVSS 6.5 | AI score 5.5 | EPSS 0.00461
Exploits: 1 | References: 6

Patchstack
added 2025/11/25 12:26 a.m. | 6 views

WordPress Locker Content plugin <= 1.0.0 - Unauthenticated Information Exposure vulnerability

Unauthenticated Information Exposure vulnerability discovered by Athiwat Tiprasaharn Jitlada in WordPress Plugin Locker Content versions <= 1.0.0...

CVSS 5.3 | AI score 6.9 | EPSS 0.00256
Exploits: 0 | References: 1 | Affected Software: 1

Patchstack
added 2025/11/25 12:5 a.m. | 5 views

WordPress Conditional Maintenance Mode for WordPress plugin <= 1.0.0 - Cross-Site Request Forgery vulnerability

Cross-Site Request Forgery vulnerability discovered by dayea song - Ahnlab in WordPress Plugin Conditional Maintenance Mode for WordPress versions <= 1.0.0...

CVSS 4.3 | AI score 7 | EPSS 0.00141
Exploits: 0 | References: 1 | Affected Software: 1

CNVD
added 2025/11/25 12:0 a.m. | 3 views

WordPress ELEX WordPress HelpDesk & Customer Ticketing System plugin missing privilege check vulnerability

WordPress ELEX WordPress HelpDesk & Customer Ticketing System plugin is a helpdesk and customer work order system plugin designed for WordPress websites, designed to help businesses or individuals efficiently manage customer support requests. WordPress ELEX WordPress HelpDesk & Customer Ticketing...

CVSS 4.3 | AI score 6.8 | EPSS 0.00164
Exploits: 0 | References: 1

CNVD
added 2025/11/25 12:0 a.m. | 4 views

WordPress Plugin LearnPress Information Disclosure Vulnerability

WordPress is a blogging platform developed using the PHP language. The platform has the ability to set up a personal blog site on a PHP and MySQL based server. WordPress plugin is an application plugin. An information disclosure vulnerability exists in the WordPress plugin LearnPress, which stems...

CVSS 5.3 | AI score 6 | EPSS 0.00914
Exploits: 0 | References: 1

CNNVD
added 2025/11/25 12:0 a.m. | 2 views

WordPress plugin Chamber Dashboard Business Directory security vulnerability

WordPress Chamber Dashboard Business Directory plugin is a plugin for creating business directories, job boards, real estate, classified ads and other types of directory websites with support for custom forms, image uploads, payment integration and more. The WordPress Chamber Dashboard Business...

CVSS 5.3 | AI score 6.7 | EPSS 0.0024
Exploits: 0 | References: 3

EUVD
added 2025/11/24 6:31 a.m. | 2 views

EUVD-2025-198620

The Guest posting / Frontend Posting / Front Editor WordPress plugin before 5.0.0 does not validate a parameter before redirecting the user to its value, leading to an Open Redirect issue...

CVSS 4.7 | AI score 6.2 | EPSS 0.00167
Exploits: 0 | References: 2

CNNVD
added 2025/11/24 12:0 a.m. | 4 views

WordPress plugin Guest posting / Frontend Posting / Front Editor security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers. WordPress plugin is an application plugin. A security vulnerability...

CVSS 4.7 | AI score 6.2 | EPSS 0.00167
Exploits: 0 | References: 2

RedhatCVE
added 2025/11/23 8:16 a.m. | 8 views

CVE-2025-13384

The CP Contact Form with PayPal plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 1.3.56. This is due to the plugin exposing an unauthenticated IPN-like endpoint via the 'cpcontactformppipncheck' query parameter that processes payment confirmations...

CVSS 7.5 | AI score 6.2 | EPSS 0.00324
Exploits: 0 | References: 1

Patchstack
added 2025/11/22 1:0 p.m. | 7 views

WordPress Better Search plugin <= 4.2.1 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting (XSS) vulnerability discovered by Peter Thaleikis in WordPress Plugin Better Search versions <= 4.2.1...

CVSS 5.9 | AI score 5.3 | EPSS 0.00172
Exploits: 0 | Affected Software: 1

RedhatCVE
added 2025/11/22 12:34 p.m. | 7 views

CVE-2025-66061

Cross-Site Request Forgery (CSRF) vulnerability in Craig Hewitt Seriously Simple Podcasting seriously-simple-podcasting allows Cross Site Request Forgery. This issue affects Seriously Simple Podcasting: from n/a through <= 3.13.0...

CVSS 4.3 | AI score 6.8 | EPSS 0.00102
Exploits: 0 | References: 1

Cvelist
added 2025/11/22 7:29 a.m. | 8 views

CVE-2025-13317 Appointment Booking Calendar <= 1.3.96 - Missing Authorization to Arbitrary Booking Confirmation via 'cpabc_ipncheck' Parameter

The Appointment Booking Calendar plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 1.3.96. This is due to the plugin exposing an unauthenticated booking processing endpoint cpabcappointmentscheckIPNverification that trusts attacker-supplied payment...

CVSS 5.3 | EPSS 0.00244
Exploits: 0 | References: 5

Patchstack
added 2025/11/21 10:48 p.m. | 6 views

WordPress Stock Tools plugin <= 1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability discovered by zakaria in WordPress Plugin Stock Tools versions <= 1.1...

CVSS 6.4 | AI score 5.7 | EPSS 0.00197
Exploits: 0 | References: 1 | Affected Software: 1

Patchstack
added 2025/11/21 10:37 p.m. | 4 views

WordPress Tips Shortcode plugin <= 0.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability discovered by zakaria in WordPress Plugin Tips Shortcode versions <= 0.2.1...

CVSS 6.4 | AI score 5.7 | EPSS 0.00162
Exploits: 0 | References: 1 | Affected Software: 1

NVD
added 2025/11/21 1:15 p.m. | 6 views

CVE-2025-66061

Cross-Site Request Forgery (CSRF) vulnerability in Craig Hewitt Seriously Simple Podcasting seriously-simple-podcasting allows Cross Site Request Forgery. This issue affects Seriously Simple Podcasting: from n/a through <= 3.13.0...

CVSS 4.3 | EPSS 0.00102
Exploits: 0 | References: 1

CVE
added 2025/11/21 12:30 p.m. | 8 views

CVE-2025-66111

CVE-2025-66111: Nelio Popups for WordPress is affected by a Stored XSS due to improper input neutralization in web page generation for versions up to 1.3.0. Wordfence notes this entry is patched; the CVSSv3.1 base score is 6.1 (Medium) with network access required and user interaction needed. The...

CVSS 6.5 | AI score 5.6 | EPSS 0.00132
Exploits: 0 | References: 1

CVE
added 2025/11/21 12:30 p.m. | 10 views

CVE-2025-66098

CVE-2025-66098 pertains to WordPress travelers-map plugin with a Stored XSS flaw due to improper input neutralization during web page generation. Affected plugin versions are Travelers' Map <= 2.3.2 (authenticated context). The issue is substantiated across multiple sources (NVD, Red Hat, CIR...

CVSS 6.5 | AI score 5.6 | EPSS 0.00132
Exploits: 0 | References: 1