CVE-2025-11870

The Simple Business Data plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'simplebusinessdata' shortcode attributes in all versions up to, and including, 1.0.1. This is due to the plugin not properly sanitizing user input or escaping output when embedding the type attribute...

WordPress Builderall Builder for WordPress plugin <= 3.0.1 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin Builderall Builder for WordPress versions = 3.0.1...

EUVD-2025-35546

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in WPClever WPC Countdown Timer for WooCommerce wpc-countdown-timer allows Stored XSS.This issue affects WPC Countdown Timer for WooCommerce: from n/a through = 3.1.4...

CVE-2025-49962

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in useStrict bbPress Notify bbpress-notify-nospam allows Reflected XSS.This issue affects bbPress Notify: from n/a through = 2.19.5...

CVE-2025-49947

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in extendons WooCommerce Registration Fields Plugin - Custom Signup Fields extendons-registration-fields allows Reflected XSS.This issue affects WooCommerce Registration Fields Plugin - Custom Signup...

CVE-2025-49925

Missing Authorization vulnerability in VibeThemes WPLMS wplmsplugin allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects WPLMS: from n/a through = 1.9.9.7...

CVE-2025-49911

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in wpinstinct WooCommerce Vehicle Parts Finder woo-vehicle-parts-finder allows Reflected XSS.This issue affects WooCommerce Vehicle Parts Finder: from n/a through = 3.7...

CVE-2025-62062 WordPress Easy Post Submission plugin <= 1.7.0 - Sensitive Data Exposure vulnerability

Insertion of Sensitive Information Into Sent Data vulnerability in ThemeRuby Easy Post Submission easy-post-submission allows Retrieve Embedded Sensitive Data.This issue affects Easy Post Submission: from n/a through = 1.7.0...

CVE-2025-62060 WordPress Tab Ultimate plugin <= 1.8 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Themepoints Tab Ultimate tabs-pro.This issue affects Tab Ultimate: from n/a through = 1.8...

CVE-2025-62042

CVE-2025-62042 is a Cross-Site Scripting (XSS) vulnerability in the WordPress plugin “Event post” (event-post) affecting versions up to and including 5.10.3. The issue stems from improper input neutralization during web page generation, enabling an attacker to inject malicious scripts. Exploitati...

CVE-2025-62048 WordPress SmartCrawl plugin <= 3.14.3 - Broken Access Control vulnerability

Missing Authorization vulnerability in WPMU DEV - Your All-in-One WordPress Platform SmartCrawl smartcrawl-seo.This issue affects SmartCrawl: from n/a through = 3.14.3...

CVE-2025-62024

CVE-2025-62024 describes an XSS (Cross-site Scripting) vulnerability in the WordPress plugin Pie Calendar (developer: Jonathan Jernigan) with affected versions “from n/a through

CVE-2025-62024 WordPress Pie Calendar plugin <= 1.2.9 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Jonathan Jernigan Pie Calendar pie-calendar.This issue affects Pie Calendar: from n/a through = 1.2.9...

CVE-2025-62022 WordPress BuddyPress plugin <= 14.3.4 - Broken Access Control vulnerability

Missing Authorization vulnerability in BuddyPress BuddyPress buddypress.This issue affects BuddyPress: from n/a through = 14.3.4...

CVE-2025-62020

CVE-2025-62020 concerns the WordPress VOD Infomaniak plugin (≤ 1.5.11). The issue is Cross-Site Scripting caused by improper input neutralization during web page generation, affecting Infomaniak vod-infomaniak. Documented impact is XSS with network attack vector and user interaction required; CVS...

CVE-2025-62008 WordPress Product Table For WooCommerce plugin <= 1.2.4 - PHP Object Injection vulnerability

Deserialization of Untrusted Data vulnerability in acowebs Product Table For WooCommerce product-table-for-woocommerce.This issue affects Product Table For WooCommerce: from n/a through = 1.2.4...

CVE-2025-62005

CVE-2025-62005 is a CSRF vulnerability in WordPress plugin SUMO Memberships for WooCommerce (FantasticPlugins) affecting all versions before 7.8.0. Exploitation could enable a CSRF attack against authenticated users, with the NVD/Wordfence data listing a CVSS v3.1 base score of 7.1 (High) and an ...

CVE-2025-60232 WordPress KBx Pro Ultimate plugin <= 8.0.5 - PHP Object Injection vulnerability

Deserialization of Untrusted Data vulnerability in quantumcloud KBx Pro Ultimate knowledgebase-helpdesk-pro allows Object Injection.This issue affects KBx Pro Ultimate: from n/a through = 8.0.5...

CVE-2025-60224 WordPress Subscribe to Download plugin <= 2.0.9 - PHP Object Injection vulnerability

Deserialization of Untrusted Data vulnerability in wpshuffle Subscribe to Download subscribe-to-download allows Object Injection.This issue affects Subscribe to Download: from n/a through = 2.0.9...

CVE-2025-60224

CVE-2025-60224 affects the WordPress Subscribe to Download plugin (versions