PT-2025-46288

Name of the Vulnerable Software and Affected Versions Jeba Cute forkit plugin for WordPress versions prior to 1.1 Description The Jeba Cute forkit plugin for WordPress is susceptible to Stored Cross-Site Scripting. The issue stems from inadequate input sanitization and output escaping of...

WordPress plugin Make Email Customizer for WooCommerce 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security vulnerabili...

WordPress plugin Preload Current Images 跨站脚本漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

WordPress WP Count Down Timer plugin <= 1.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by zakaria in WordPress Plugin WP Count Down Timer versions = 1.0.1...

WordPress Holiday class post calendar plugin <= 7.1 - Unauthenticated Remote Code Execution via 'contents' vulnerability

Unauthenticated Remote Code Execution via 'contents' vulnerability discovered by kr0d in WordPress Plugin Holiday class post calendar versions = 7.1...

WordPress Preload Current Images plugin <= 1.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Shortcode vulnerability discovered by zakaria in WordPress Plugin Preload Current Images versions = 1.3...

WordPress Eventbee Ticketing Widget plugin <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin Eventbee Ticketing Widget versions = 1.0...

WordPress Academy LMS Pro plugin <= 3.3.8 - Unauthenticated Sensitive Information Exposure via 'enqueue_social_login_script' vulnerability

Unauthenticated Sensitive Information Exposure via 'enqueuesocialloginscript' vulnerability discovered by Michelle Porter - Wordfence in WordPress Plugin Academy LMS Pro versions = 3.3.8...

WordPress Ovatheme Events Manager plugin <= 1.8.6 - Missing Authorization vulnerability

Missing Authorization vulnerability discovered by Foxyyy in WordPress Plugin Ovatheme Events Manager versions = 1.8.6...

WordPress Seriously Simple Podcasting plugin <= 3.13.0 - Sensitive Data Exposure vulnerability

Sensitive Data Exposure vulnerability discovered by daroo in WordPress Plugin Seriously Simple Podcasting versions = 3.13.0...

WordPress SUMO Affiliates Pro plugin <= 11.0.0 - Sensitive Data Exposure vulnerability

Sensitive Data Exposure vulnerability discovered by Denver Jackson in WordPress Plugin SUMO Affiliates Pro versions = 11.0.0...

CVE-2025-12643

The Saphali LiqPay for donate plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'saphaliliqpay' shortcode in all versions up to, and including, 1.0.2. This is due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

CVE-2025-12399 Alex Reservations: Smart Restaurant Booking <= 2.2.3 - Authenticated (Admin+) Arbitrary File Upload

The Alex Reservations: Smart Restaurant Booking plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the /wp-json/srr/v1/app/upload/file REST endpoint in all versions up to, and including, 2.2.3. This makes it possible for authenticated attackers, wi...

EUVD-2025-38362

The Contact Form 7 AWeber Extension plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'wpajaxaweberlogreset' AJAX endpoint in all versions up to, and including, 0.1.42. This makes it possible for authenticated attackers, with...

PT-2025-45557

Name of the Vulnerable Software and Affected Versions Flexible Refund and Return Order for WooCommerce plugin for WordPress versions through 1.0.42 Description The Flexible Refund and Return Order for WooCommerce plugin for WordPress has a flaw where data can be altered without proper...

CVE-2025-58638

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in e-plugins Institutions Directory institutions-directory allows Reflected XSS.This issue affects Institutions Directory: from n/a through = 1.3.3...

WordPress Ace User Management plugin <= 2.0.3 - Subscriber+ Authentication Bypass via Password Rest vulnerability

Subscriber+ Authentication Bypass via Password Rest vulnerability discovered by aschoiloa1890 in WordPress Plugin Ace User Management versions = 2.0.3...

WordPress plugin Page & Post Notes 安全漏洞

WordPress and the WordPress plugin are products of the WordPress Foundation, a blogging platform developed in the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security vulnerability exists in...

WordPress plugin WP Airbnb Review Slider 跨站脚本漏洞

WordPress WP Airbnb Review Slider plugin is a slider plugin for displaying Airbnb reviews on your WordPress website with support for custom animations, layouts and other advanced features. The WordPress WP Airbnb Review Slider plugin suffers from a cross-site scripting vulnerability that stems fr...

CVE-2025-60191

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Premmerce Premmerce Wishlist for WooCommerce premmerce-woocommerce-wishlist allows PHP Local File Inclusion.This issue affects Premmerce Wishlist for WooCommerce: from n/a throug...