CVE-2025-62865

CVE-2025-62865 describes a Missing Authorization (Broken Access Control) vulnerability in the WordPress Post Cloner plugin, affecting Post Cloner versions ≤ 1.0.0. The root cause is incorrectly configured access control security levels, enabling potential unauthorized access to Post Cloner functi...

CVE-2025-62739 WordPress Add Custom Codes plugin <= 4.80 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery CSRF vulnerability in SaifuMak Add Custom Codes add-custom-codes allows Cross Site Request Forgery.This issue affects Add Custom Codes: from n/a through = 4.80...

CVE-2025-62735 WordPress User Spam Remover plugin <= 1.1 - Sensitive Data Exposure vulnerability

Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Joel User Spam Remover user-spam-remover allows Retrieve Embedded Sensitive Data.This issue affects User Spam Remover: from n/a through = 1.1...

CVE-2025-62739 WordPress Add Custom Codes plugin <= 4.80 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery CSRF vulnerability in SaifuMak Add Custom Codes add-custom-codes allows Cross Site Request Forgery.This issue affects Add Custom Codes: from n/a through = 4.80...

CVE-2025-62734

CVE-2025-62734 : CSRF in WordPress plugin Media Library Downloader (versions &lt;= 1.4.0) allows cross-site request forgery. Affected software is the Media Library Downloader plugin for WordPress; CVSS 3.1 base score 4.3 (Medium) with network attack vector, no confidentiality/availability impact,...

CVE-2025-62734 WordPress Media Library Downloader plugin <= 1.4.0 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery CSRF vulnerability in M.Code Media Library Downloader media-library-downloader allows Cross Site Request Forgery.This issue affects Media Library Downloader: from n/a through = 1.4.0...

CVE-2025-62109 WordPress Geo Controller plugin <= 8.9.4 - Sensitive Data Exposure vulnerability

Insertion of Sensitive Information Into Sent Data vulnerability in INFINITUM FORM Geo Controller cf-geoplugin allows Retrieve Embedded Sensitive Data.This issue affects Geo Controller: from n/a through = 8.9.4...

CVE-2025-59132

CVE-2025-59132 is a CSRF vulnerability in the WordPress plugin Duplicate Content Cure (versions

CVE-2025-62082 WordPress Generic Elements plugin <= 1.2.9 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Nasir Uddin Generic Elements generic-elements-for-elementor allows Stored XSS.This issue affects Generic Elements: from n/a through = 1.2.9...

CVE-2025-67595

CVE-2025-67595 is a CSRF vulnerability in the WordPress plugin Quiz Maker (affected: 6.7.0.82 and earlier). Public sources (NVD, Red Hat, CVE list, Patchstack, Wordfence) corroborate a CSRF flaw that can be triggered by an authenticated actor. Current entries indicate the vulnerability has been p...

EUVD-2025-202057

Cross-Site Request Forgery CSRF vulnerability in Strategy11 Team Business Directory business-directory-plugin allows Cross Site Request Forgery.This issue affects Business Directory: from n/a through = 6.4.19...

CVE-2025-67590 WordPress Ultimate FAQ plugin <= 2.4.3 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery CSRF vulnerability in Rustaurius Ultimate FAQ ultimate-faqs allows Cross Site Request Forgery.This issue affects Ultimate FAQ: from n/a through = 2.4.3...

CVE-2025-67586 WordPress Highlight and Share plugin <= 5.2.0 - Broken Access Control vulnerability

Missing Authorization vulnerability in Ronald Huereca Highlight and Share highlight-and-share allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Highlight and Share: from n/a through = 5.2.0...

CVE-2025-67588

CVE-2025-67588 is a missing/broken authorization vulnerability in Elementor Website Builder (Elementor) up to version 3.33.0. The Red Hat and CVE records describe a misconfigured access control that could allow unauthorized access to governed functionality. The CVSS v3.1 base score is 4.3 (Medium...

CVE-2025-67561 WordPress Debug Log Viewer plugin <= 2.0.3 - Broken Access Control vulnerability

Missing Authorization vulnerability in Oleksandr Lysyi Debug Log Viewer debug-log-viewer allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Debug Log Viewer: from n/a through = 2.0.3...

CVE-2025-67555

CVE-2025-67555 is an XSS vulnerability in UseStrict’s Calendly Embedder (cal-embedder-lite) for WordPress, affected versions up to and including 1.1.7.2. The Wordfence Vulnerability Report confirms this entry and classifies it as a stored cross-site scripting issue caused by improper input handli...

CVE-2025-67551

CVE-2025-67551 affects WordPress Wappointment plugin (

CVE-2025-67553

CVE-2025-67553 affects the WordPress Advanced FAQ Manager plugin (versions

CVE-2025-67553 WordPress Advanced FAQ Manager plugin <= 1.5.2 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in ThemeHigh Advanced FAQ Manager advanced-faq-manager allows DOM-Based XSS.This issue affects Advanced FAQ Manager: from n/a through = 1.5.2...

CVE-2025-67553 WordPress Advanced FAQ Manager plugin <= 1.5.2 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in ThemeHigh Advanced FAQ Manager advanced-faq-manager allows DOM-Based XSS.This issue affects Advanced FAQ Manager: from n/a through = 1.5.2...