CVE-2025-68878 WordPress Advanced Custom CSS plugin <= 1.1.0 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in prasadkirpekar Advanced Custom CSS advanced-custom-css allows Reflected XSS.This issue affects Advanced Custom CSS: from n/a through = 1.1.0...

WordPress Flaming Password Reset plugin <= 1.0.3 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Nguyen Xuan Chien in WordPress Plugin Flaming Password Reset versions = 1.0.3...

WordPress Theater for WordPress plugin <= 0.19 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Arif Shaikh in WordPress Plugin Theater for WordPress versions = 0.19...

WordPress WC Builder plugin <= 1.2.0 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by zaim in WordPress Plugin WC Builder versions = 1.2.0...

WordPress Vimeotheque Cross-Site Request Forgery Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress plugin is an application plugin. WordPress Vimeotheque suffers from a cross-site request forgery vulnerability for which no detailed vulnerability details are currently available...

CVE-2025-68599

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Embeds For YouTube Plugin Support YouTube Embed youtube-embed allows Stored XSS.This issue affects YouTube Embed: from n/a through = 5.4...

WordPress CookieHint WP plugin <= 1.0.0 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by Nguyen Xuan Chien in WordPress Plugin CookieHint WP versions = 1.0.0...

WordPress YITH Slider for page builders plugin <= 1.0.11 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Nabil Irawan in WordPress Plugin YITH Slider for page builders versions = 1.0.11...

EUVD-2025-205256

Missing Authorization vulnerability in FolioVision FV Simpler SEO fv-all-in-one-seo-pack allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects FV Simpler SEO: from n/a through = 1.9.6...

CVE-2025-68602 WordPress Accept Donations with PayPal plugin <= 1.5.2 - Open Redirection vulnerability

URL Redirection to Untrusted Site 'Open Redirect' vulnerability in Scott Paterson Accept Donations with PayPal & Stripe easy-paypal-donation allows Phishing.This issue affects Accept Donations with PayPal & Stripe: from n/a through = 1.5.2...

CVE-2025-68573

CVE-2025-68573 is described as a Cross-Site Request Forgery (CSRF) vulnerability in the WordPress plugin Simple Keyword to Link (simple-keyword-to-link). The Initial document states affected range as “Simple Keyword to Link: from n/a through

CVE-2025-68573 WordPress Simple Keyword to Link plugin <= 1.5 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery CSRF vulnerability in Alessandro Piconi Simple Keyword to Link simple-keyword-to-link allows Cross Site Request Forgery.This issue affects Simple Keyword to Link: from n/a through = 1.5...

CVE-2025-68567 WordPress My auctions allegro plugin <= 3.6.33 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery CSRF vulnerability in wphocus My auctions allegro my-auctions-allegro-free-edition allows Cross Site Request Forgery.This issue affects My auctions allegro: from n/a through = 3.6.33...

CVE-2025-67625 WordPress Trade Runner plugin <= 3.14 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery CSRF vulnerability in tmtraderunner Trade Runner traderunner allows Cross Site Request Forgery.This issue affects Trade Runner: from n/a through = 3.14...

CVE-2025-67622

Technical details for CVE-2025-67622 are not provided in the supplied documents. Monitor for updates from official advisories; current data mentions CSRF and Stored XSS claims but lacks concrete product/version/impact details.

CVE-2023-36525 WordPress WPJobBoard plugin <= 5.9.0 - Unauth. Blind SQL Injection (SQLi) vulnerability

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in WPJobBoard allows Blind SQL Injection.This issue affects WPJobBoard: from n/a through 5.9.0...

CVE-2025-68529

Technical details for CVE-2025-68529 are not provided in the supplied connected documents. Current information confirms CSRF vulnerability in WP Email Capture

CVE-2025-68516

CVE-2025-68516: WordPress Tablesome plugin

CVE-2025-68497

The CVE-2025-68497 entry covers a Stored XSS vulnerability in Brainstorm Force Astra Widgets (astra-widgets) affecting versions up to 1.2.16. The root cause is improper neutralization/escaping of user-supplied input during web page generation, enabling arbitrary scripts to be injected into pages ...

PT-2025-53287

Name of the Vulnerable Software and Affected Versions Embeds For YouTube Plugin Support YouTube Embed versions through 5.4 Description The YouTube Embed plugin contains a flaw related to improper input handling during web page generation, leading to a Cross-site Scripting XSS condition. This allo...