CVE-2025-67541 WordPress WP-ShowHide plugin <= 1.05 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Lester Chan WP-ShowHide wp-showhide allows Stored XSS.This issue affects WP-ShowHide: from n/a through = 1.05...

CVE-2025-67544

CVE-2025-67544 is a stored XSS vulnerability in the WordPress plugin Shopkeeper Extender (before version 7.0). The issue stems from improper input neutralization during web page generation, enabling stored cross-site scripting. Affected product: Shopkeeper Extender

CVE-2025-67539

CVE-2025-67539 : DOM-based XSS in WordPress plugin Select Core (Select-Themes)

CVE-2025-67536 WordPress LearnPress plugin <= 4.2.9.4 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in ThimPress LearnPress learnpress allows Stored XSS.This issue affects LearnPress: from n/a through = 4.2.9.4...

CVE-2025-67535

CVE-2025-67535 affects the WordPress WP Maps plugin (wp-google-map-plugin)

CVE-2025-67533

CVE-2025-67533 is a Stored XSS in Themify Portfolio Post (Themify Portfolio Post) affecting versions up to and including 1.3.0. The vulnerability arises from improper input neutralization during web page generation, enabling an attacker to inject malicious script that can execute in an authentica...

CVE-2025-67534 WordPress Rencontre plugin <= 3.13.7 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery CSRF vulnerability in Jacques Malgrange Rencontre rencontre allows Stored XSS.This issue affects Rencontre: from n/a through = 3.13.7...

CVE-2025-67519

CVE-2025-67519 concerns an SQL Injection in the Ninja Tables (Ninja Tables) WordPress plugin, affecting Ninja Tables versions from n/a through 5.2.3. The vulnerability is described as Improper Neutralization of Special Elements used in an SQL Command. The provided documents do not include a concr...

CVE-2025-67519 WordPress Ninja Tables plugin <= 5.2.3 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Shahjahan Jewel Ninja Tables ninja-tables allows SQL Injection.This issue affects Ninja Tables: from n/a through = 5.2.3...

CVE-2025-64256

Technical details for CVE-2025-64256 are not provided in the supplied documents. No vendor/product/version, root cause, or remediation details are disclosed here; monitor for updates from official advisories.

CVE-2025-64256 WordPress Simple Folio plugin <= 1.1.0 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery CSRF vulnerability in PressTigers Simple Folio simple-folio allows Cross Site Request Forgery.This issue affects Simple Folio: from n/a through = 1.1.0...

WordPress plugin Formstack Online Forms 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin.... A security...

WordPress plugin Яндекс Доставка (Boxberry) 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plug-in. A security...

WordPress plugin Generic Elements 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A cross-site scripting...

WordPress plugin SMTP Mail 跨站请求伪造漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A cross-site request...

WordPress plugin Social Photo Fetcher 跨站请求伪造漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin.... A cross-site reques...

WordPress plugin WooCommerce Payment Gateway – Paysera 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to set up personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security...

WordPress plugin PDF Thumbnail Generator 跨站请求伪造漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to set up a personal blog site on a PHP and MySQL based server.WordPress plugin is an application plugin. WordPress plugin P...

WordPress plugin ThirstyAffiliates 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin... A security...

WordPress plugin Constant Contact + WooCommerce 安全漏洞

...