CVE-2025-68992

CVE-2025-68992 affects BWL Knowledge Base Manager (bwL-kb-manager) for WordPress. Connected documents confirm a stored cross-site scripting (XSS) vulnerability in BW KBase Manager, affecting versions up to 1.6.3. The Wordfence report lists this as an authenticated (Contributor+) Stored XSS, indic...

CVE-2025-68979 WordPress Google Calendar Events plugin <= 3.5.9 - Insecure Direct Object References (IDOR) vulnerability

Authorization Bypass Through User-Controlled Key vulnerability in SimpleCalendar Google Calendar Events google-calendar-events allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Google Calendar Events: from n/a through = 3.5.9...

CVE-2025-68975

CVE-2025-68975 concerns the WordPress Eagle Booking plugin (Eagle Booking) versions up to and including 1.3.4.3. Multiple connected sources describe an Insecure Direct Object References (IDOR) / authorization bypass when using a user-controlled key, allowing bypass of access controls. The NVD ent...

WordPress Strong Testimonials plugin <= 3.2.18 - Missing Authorization to Authenticated (Contributor+) Rating Meta Update vulnerability

Missing Authorization to Authenticated Contributor+ Rating Meta Update vulnerability discovered by type5afe in WordPress Plugin Strong Testimonials versions = 3.2.18...

WordPress Academy LMS plugin <= 3.4.0 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin Academy LMS versions = 3.4.0...

WordPress plugin WING WordPress Migrator 跨站请求伪造漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A cross-site request...

WordPress PowerPack Pro for Elementor plugin missing license vulnerability

WordPress PowerPack Pro for Elementor plugin is an Elementor page builder extension plugin designed for the WordPress platform. A lack of authorization vulnerability exists in WordPress PowerPack Pro for Elementor plugin, which can be exploited by an attacker to leverage a misconfigured access...

WordPress Draft Notify plugin cross-site scripting vulnerability

WordPress Draft Notify plugin is a WordPress plugin for managing draft notifications on your WordPress site. The WordPress Draft Notify plugin suffers from a cross-site scripting vulnerability that stems from the application's lack of effective filtering and escaping of user-supplied data, which...

WordPress plugin DesignThemes Core 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security vulnerabili...

WordPress plugin Popup box 跨站请求伪造漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A cross-site request...

WordPress plugin Poptics 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security...

WordPress plugin Off Page SEO 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A cross-site scripting...

WordPress plugin Medicalequipment 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security vulnerabili...

CVE-2025-23554 WordPress Off Page SEO plugin <= 3.0.3 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Jakub Glos Off Page SEO off-page-seo allows Reflected XSS.This issue affects Off Page SEO: from n/a through = 3.0.3...

CVE-2025-23458 WordPress Ads24 Lite plugin <= 1.0 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Rakessh Ads24 Lite allows Reflected XSS.This issue affects Ads24 Lite: from n/a through 1.0...

CVE-2025-68499

CVE-2025-68499 describes a DOM-Based XSS in Crocoblock’s JetTabs WordPress plugin (JetTabs) up to version 2.2.12. The issue arises from improper neutralization of input during web page generation, enabling stored XSS when a user interacts with JetTabs. Affected software: Crocoblock JetTabs (WordP...

CVE-2025-68503 WordPress JetBlog plugin <= 2.4.7 - Broken Access Control vulnerability

Missing Authorization vulnerability in Crocoblock JetBlog jet-blog allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects JetBlog: from n/a through = 2.4.7...

CVE-2025-68607 WordPress Custom Field Template plugin <= 2.7.7 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Hiroaki Miyashita Custom Field Template custom-field-template allows Stored XSS.This issue affects Custom Field Template: from n/a through = 2.7.7...

CVE-2025-68607 WordPress Custom Field Template plugin <= 2.7.5 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Hiroaki Miyashita Custom Field Template allows Stored XSS.This issue affects Custom Field Template: from n/a through 2.7.5...

CVE-2025-68878 WordPress Advanced Custom CSS plugin <= 1.1.0 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in prasadkirpekar Advanced Custom CSS advanced-custom-css allows Reflected XSS.This issue affects Advanced Custom CSS: from n/a through = 1.1.0...