15851 matches found
WordPress Carter for Elementor plugin <= 1.0.2 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Phat RiO - BlueRock in WordPress Plugin Carter for Elementor versions <= 1.0.2...
CVE-2025-13072
The HandL UTM Grabber / Tracker WordPress plugin before 2.8.1 does not sanitize and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...
CVE-2025-13072 HandL UTM Grabber / Tracker < 2.8.1 - Reflected XSS via utm_source
The HandL UTM Grabber / Tracker WordPress plugin before 2.8.1 does not sanitize and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...
WordPress plugin HandL UTM Grabber / Tracker security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers. WordPress plugin is an application plug-in. A security...
EUVD-2025-201954
Improper Control of Generation of Code ('Code Injection') vulnerability in StellarWP GiveWP give allows Code Injection. This issue affects GiveWP: from n/a through <= 4.13.1...
EUVD-2025-202033
Cross-Site Request Forgery (CSRF) vulnerability in apasionados DoFollow Case by Case dofollow-case-by-case allows Cross Site Request Forgery. This issue affects DoFollow Case by Case: from n/a through <= 3.5.1...
CVE-2025-67519
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Shahjahan Jewel Ninja Tables ninja-tables allows SQL Injection. This issue affects Ninja Tables: from n/a through <= 5.2.3...
CVE-2025-49351
Cross-Site Request Forgery (CSRF) vulnerability in Valentin Agachi Create Posts & Terms create-posts-terms allows Stored XSS. This issue affects Create Posts & Terms: from n/a through <= 1.3.1...
CVE-2025-66533
CVE-2025-66533 is an authentication‑free vulnerability in GiveWP (WordPress donation plugin) that enables arbitrary shortcode execution through GiveWP versions affected up to 4.13.1. The issue is confirmed in the Wordfence Intelligence vulnerability tracking and is categorized as Improper Control...
CVE-2025-63068
CVE-2025-63068: Affected is the WordPress plugin Contact Form 7 Dynamic Text Extension. The issue is an improper neutralization of script-related HTML tags in the plugin, leading to a Basic XSS / Code Injection vulnerability. Affected versions are the plugin up to and including 5.0.3 (from the ...
CVE-2025-63059
CVE-2025-63059 describes a Stored XSS in the WordPress Ninja Popups plugin (arscode-ninja-popups) affecting versions up to and including 4.7.8. The vulnerability arises from improper neutralization of input during web page generation. Public documents consistently label the issue as a stored XSS;...
CVE-2025-63050 WordPress REHub Framework plugin < 19.9.9.7 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in sizam REHub Framework rehub-framework allows Stored XSS. This issue affects REHub Framework: from n/a through 19.9.9.7...
CVE-2025-63036 WordPress Ronneby Theme Core plugin <= 1.5.68 - Local File Inclusion vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in DFDevelopment Ronneby Theme Core ronneby-core allows PHP Local File Inclusion. This issue affects Ronneby Theme Core: from n/a through <= 1.5.68...
CVE-2025-63030 WordPress New User Approve plugin <= 3.2.0 - Cross Site Request Forgery (CSRF) vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in Saad Iqbal New User Approve new-user-approve allows Cross Site Request Forgery. This issue affects New User Approve: from n/a through <= 3.2.0...
CVE-2025-63015
CVE-2025-63015 describes a Missing Authorization/Broken Access Control vulnerability in the Paysera Payment Gateway for WooCommerce. Public details identify the affected plugin as WooCommerce Paysera Paysera (WordPress plugin) and indicate vulnerable versions up to 3.9.0, with the issue stemming ...
CVE-2025-63023 WordPress Payment Gateway for PayPal on WooCommerce plugin <= 9.0.53 - Broken Access Control vulnerability
Missing Authorization vulnerability in Easy Payment Payment Gateway for PayPal on WooCommerce woo-paypal-gateway allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Payment Gateway for PayPal on WooCommerce: from n/a through <= 9.0.53...
CVE-2025-63012
CVE-2025-63012 corresponds to a Cross-Site Request Forgery (CSRF) vulnerability in the WordPress plugin WP Hotel Booking (wp-hotel-booking). Affected versions are WP Hotel Booking
CVE-2025-63010
CVE-2025-63010 is a SSRF vulnerability reported in multiple sources affecting ThemesInflow Hercules Core (hercules-core) and the WordPress Hercules Core plugin, with versions up to and including 7.4 affected. The root cause is a server-side request forgery vulnerability that could be exploited to...
CVE-2025-62997
The connected sources confirm a vulnerability in the WordPress WP EasyCart plugin, affecting versions up to 5.8.11. The issue is described as an Information Disclosure flaw caused by insertion of sensitive information into sent data, enabling retrieval of embedded sensitive data from WP EasyCart ...
CVE-2025-62872 WordPress Social Photo Fetcher plugin <= 3.0.4 - Cross Site Request Forgery (CSRF) vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in JK Social Photo Fetcher facebook-photo-fetcher allows Cross Site Request Forgery. This issue affects Social Photo Fetcher: from n/a through <= 3.0.4...