CVE-2025-9207

The TI WooCommerce Wishlist plugin for WordPress is vulnerable to HTML Injection in all versions up to, and including, 2.10.0. This is due to the plugin accepting hidden fields and not limiting the values or data that can input and is later output. This makes it possible for unauthenticated...

Authentication Bypass

Jenkins SAML Plugin is vulnerable to Authentication Bypass. The vulnerability is due to the absence of a replay cache in the SAML authentication flow, allowing attackers who capture SAML authentication messages to replay them and authenticate to Jenkins as the affected user...

CVE-2025-14367

CVE-2025-14367 affects the WordPress plugin Easy Theme Options (versions up to 1.0). The issue is Missing Authorization in the eto_import_settings function, enabling authenticated attackers with Subscriber-level access and above to import arbitrary plugin settings via the eto_import_settings para...

CVE-2025-9873

CVE-2025-9873 is a stored XSS vulnerability in the WordPress plugin a3 Lazy Load up to version 2.7.5. The issue stems from insufficient input sanitization and output escaping on user-supplied attributes, enabling authenticated attackers with contributor-level access and above to inject scripts th...

CVE-2025-14378 Quick Testimonials <= 2.1 - Authenticated (Admin+) Stored Cross-Site Scripting

The Quick Testimonials plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 2.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permission...

CVE-2025-14354

The Resource Library for Logged In Users plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.5. This is due to missing nonce validation on multiple administrative functions. This makes it possible for unauthenticated attackers to perform variou...

CVE-2025-13403 Employee Spotlight – Team Member Showcase & Meet the Team Plugin <= 5.1.3 - Missing Authorization to Authenticated (Subscriber+) Tracking Opt-In/Opt-Out Modification

The Employee Spotlight – Team Member Showcase & Meet the Team Plugin for WordPress is vulnerable to unauthorized tracking settings modification due to missing authorization validation on the employeespotlightcheckoptin function in all versions up to, and including, 5.1.3. This makes it possible f...

WordPress plugin AnnunciFunebri Impresa 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plug-in. A security...

WordPress plugin Eyewear prescription form 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security vulnerabili...

WordPress plugin Popup Builder 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A cross-site scripting...

WordPress plugin MediaCommander – Bring Folders to Media, Posts, and Pages 安全漏洞

...

PT-2025-51064

The Gallery Blocks with Lightbox. Image Gallery, HTML5 video , YouTube, Vimeo Video Gallery and Lightbox for native gallery plugin for WordPress is vulnerable to unauthorized modification of plugin settings in all versions up to, and including, 3.3.0. This is due to the plugin using the edit post...

WordPress plugin Social Media Auto Publish 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation, a blogging platform developed in the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin.... A cross-site scripting vulnerabili...

WordPress Directory Pro plugin <= 2.5.6 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Phat RiO - BlueRock in WordPress Plugin Directory Pro versions = 2.5.6...

WordPress Easy Property Listings plugin <= 3.5.20 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by daroo in WordPress Plugin Easy Property Listings versions = 3.5.20...

CVE-2025-14159

CVE-2025-14159 references WordPress plugin Secure Copy Content Protection and Content Locking. A CSRF flaw in versions up to 4.9.2 allows unauthenticated attackers to trigger an export via the ay s_sccp_results_export_file AJAX action, potentially exfiltrating sensitive plugin data (emails, IPs, ...

EUVD-2025-202985

The Simple Theme Changer plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the userthemeadmin, displaymethodadmin, and setchangethemebuttonname actions actions in all versions up to, and including, 1.0. This makes it possible for...

EUVD-2025-203016

The Flow-Flow Social Feed Stream plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the flowflowsocialauth AJAX action in versions 3.0.0 to 4.7.5. This makes it possible for authenticated attackers, with Subscriber-level access and above, ...

CVE-2025-13969

CVE-2025-13969 is a stored XSS in the Reviews Sorted WordPress plugin. Affected: Reviews Sorted plugin for WordPress, specifically the [reviews-slider] shortcode’s space parameter. Impact: authenticated attackers with Contributor-level access or higher can inject scripts that run in pages viewed ...

WordPress AI Feeds plugin <= 1.0.22 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'aife_post_meta' Shortcode vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via 'aifepostmeta' Shortcode vulnerability discovered by Athiwat Tiprasaharn Jitlada in WordPress Plugin AI Feeds versions = 1.0.22...