
15852 matches found

Patchstack
added 2025/11/21 10:48 p.m., 5 views

WordPress Stock Tools plugin <= 1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by zakaria in WordPress Plugin Stock Tools versions <= 1.1...

CVSS 6.4, AI score 5.7, EPSS 0.00197
Exploits 0, References 1, Affected Software 1
Patchstack
added 2025/11/21 10:37 p.m., 3 views

WordPress Tips Shortcode plugin <= 0.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by zakaria in WordPress Plugin Tips Shortcode versions <= 0.2.1...

CVSS 6.4, AI score 5.7, EPSS 0.00162
Exploits 0, References 1, Affected Software 1
NVD
added 2025/11/21 1:15 p.m., 5 views

CVE-2025-66061

Cross-Site Request Forgery (CSRF) vulnerability in Craig Hewitt Seriously Simple Podcasting seriously-simple-podcasting allows Cross Site Request Forgery. This issue affects Seriously Simple Podcasting: from n/a through <= 3.13.0...

CVSS 4.3, EPSS 0.00102
Exploits 0, References 1
CVE
added 2025/11/21 12:30 p.m., 6 views

CVE-2025-66111

CVE-2025-66111: Nelio Popups for WordPress is affected by a Stored XSS due to improper input neutralization in web page generation for versions up to 1.3.0. Wordfence notes this entry is patched; the CVSSv3.1 base score is 6.1 (Medium) with network access required and user interaction needed. The...

CVSS 6.5, AI score 5.6, EPSS 0.00132
Exploits 0, References 1
CVE
added 2025/11/21 12:30 p.m., 9 views

CVE-2025-66098

CVE-2025-66098 pertains to WordPress travelers-map plugin with a Stored XSS flaw due to improper input neutralization during web page generation. Affected plugin versions are Travelers' Map <= 2.3.2 (authenticated context). The issue is substantiated across multiple sources (NVD, Red Hat, CIR...

CVSS 6.5, AI score 5.6, EPSS 0.00132
Exploits 0, References 1
Cvelist
added 2025/11/21 12:29 p.m., 7 views

CVE-2025-66091 WordPress Stylish Cost Calculator plugin <= 8.1.5 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Design Stylish Cost Calculator stylish-cost-calculator allows DOM-Based XSS. This issue affects Stylish Cost Calculator: from n/a through <= 8.1.5...

CVSS 6.5, EPSS 0.00132
Exploits 0, References 1
Vulnrichment
added 2025/11/21 12:29 p.m., 2 views

CVE-2025-66081 WordPress Head Meta Data plugin <= 20250327 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Jeff Starr Head Meta Data head-meta-data allows Stored XSS. This issue affects Head Meta Data: from n/a through <= 20250327...

CVSS 5.9, AI score 5.6, EPSS 0.00174
Exploits 0, References 1
Vulnrichment
added 2025/11/21 12:29 p.m., 2 views

CVE-2025-66066 WordPress Envo Extra plugin <= 1.9.11 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in EnvoThemes Envo Extra envo-extra allows Stored XSS. This issue affects Envo Extra: from n/a through <= 1.9.11...

CVSS 6.5, AI score 5.6, EPSS 0.00167
Exploits 0, References 1
CVE
added 2025/11/21 12:29 p.m., 9 views

CVE-2025-66059

CVE-2025-66059 affects WordPress plugin Seriously Simple Podcasting (<= 3.13.0). The vulnerability is an unauthenticated information disclosure that allows retrieval of embedded sensitive data, as indicated by the CVSS 3.1 vector (AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N) with a base score of 5.3. ...

CVSS 5.3, AI score 6.5, EPSS 0.00242
Exploits 0, References 1, Affected Software 1
Vulnrichment
added 2025/11/21 12:29 p.m., 3 views

CVE-2025-66056 WordPress Uncanny Automator plugin < 6.10.0 - Sensitive Data Exposure vulnerability

Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Uncanny Owl Uncanny Automator uncanny-automator allows Retrieve Embedded Sensitive Data. This issue affects Uncanny Automator: from n/a through 6.10.0...

CVSS 4.3, AI score 6.5, EPSS 0.00223
Exploits 0, References 1
EUVD
added 2025/11/21 12:29 p.m., 3 views

EUVD-2025-198480

Cross-Site Request Forgery (CSRF) vulnerability in Craig Hewitt Seriously Simple Podcasting seriously-simple-podcasting allows Cross Site Request Forgery. This issue affects Seriously Simple Podcasting: from n/a through <= 3.13.0...

CVSS 4.3, AI score 6.3, EPSS 0.00102
Exploits 0, References 2
CVE
added 2025/11/21 12:29 p.m., 12 views

CVE-2025-66061

CVE-2025-66061 is a CSRF vulnerability in WordPress plugin Seriously Simple Podcasting (

CVSS 4.3, AI score 6.5, EPSS 0.00102
Exploits 0, References 1, Affected Software 1
Patchstack
added 2025/11/21 12:7 p.m., 4 views

WordPress SupportCandy plugin <= 3.4.1 - Cross Site Request Forgery (CSRF) vulnerability

Cross Site Request Forgery (CSRF) vulnerability discovered by daroo in WordPress Plugin SupportCandy versions <= 3.4.1...

CVSS 4.3, AI score 7, EPSS 0.00098
Exploits 0, Affected Software 1
Vulnrichment
added 2025/11/21 8:28 a.m., 6 views

CVE-2025-12039 BigBuy Dropshipping Connector for WooCommerce <= 2.0.5 - Unauthenticated IP Spoofing to phpinfo() Exposure

The BigBuy Dropshipping Connector for WooCommerce plugin for WordPress is vulnerable to IP Address Spoofing in all versions up to, and including, 2.0.5 due to insufficient IP address validation and use of user-supplied HTTP headers as a primary method for IP retrieval. This makes it possible for...

CVSS 5.3, AI score 5.7, EPSS 0.00249
Exploits 0, References 3
NVD
added 2025/11/21 8:15 a.m., 1 views

CVE-2025-11763

The Display Pages Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'columncount' parameter in the display-pages shortcode in all versions up to, and including, 1.1. This is due to insufficient input sanitization and output escaping. This makes it possible for...

CVSS 6.4, EPSS 0.00194
Exploits 0, References 3
CVE
added 2025/11/21 7:31 a.m., 15 views

CVE-2025-11802

Summary of CVE-2025-11802. The Bulma Shortcodes plugin for WordPress is affected by a Stored Cross-Site Scripting (XSS) vulnerability via the type attribute of the bulma-notification shortcode. This applies to all versions up to and including 1.0. Authenticated attackers with Contributor+ privile...

CVSS 6.4, AI score 4.8, EPSS 0.00162
Exploits 0, References 2
CVE
added 2025/11/21 7:31 a.m., 21 views

CVE-2025-11456

CVE-2025-11456 affects the ELEX WordPress HelpDesk & Customer Ticketing System plugin for WordPress. The vulnerability is an unauthenticated arbitrary file upload due to missing file-type validation in the eh_crm_new_ticket_post() function across all versions up to and including 3.3.1. The issue ...

CVSS 9.8, AI score 7.2, EPSS 0.00642
Exploits 0, References 4, Affected Software 1
CVE
added 2025/11/21 7:31 a.m., 13 views

CVE-2025-11770

The BrightTALK WordPress Shortcode plugin (WordPress) is vulnerable to Stored Cross-Site Scripting via the format attribute of the brighttalk-time shortcode in all versions up to 2.4.0. The issue arises from insufficient input sanitization and output escaping, allowing authenticated attackers wit...

CVSS 6.4, AI score 4.8, EPSS 0.00162
Exploits 0, References 2
Patchstack
added 2025/11/21 4:26 a.m., 4 views

WordPress TI WooCommerce Wishlist plugin <= 2.10.0 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Bao - BlueRock in WordPress Plugin TI WooCommerce Wishlist versions <= 2.10.0...

CVSS 5.3, AI score 7, EPSS 0.00228
Exploits 0, Affected Software 1
CNNVD
added 2025/11/21 12:0 a.m., 3 views

WordPress plugin Accessibility Toolkit by WebYes security vulnerability

WordPress is a blogging platform developed using the PHP language. The platform has the ability to set up a personal blog site on a PHP and MySQL based server. WordPress plugin is an application plugin. A security vulnerability exists in the WordPress plugin Accessibility Toolkit by WebYes, which...

CVSS 4.3, AI score 6.3, EPSS 0.00177
Exploits 0, References 1