CVE-2025-49390 WordPress Cookie Notice & Consent plugin <= 1.6.4 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in christophrado Cookie Notice & Consent cookie-notice-consent allows Stored XSS.This issue affects Cookie Notice & Consent: from n/a through = 1.6.4...

CVE-2025-49372 WordPress HAPPY plugin <= 1.0.7 - Remote Code Execution (RCE) vulnerability

Improper Control of Generation of Code 'Code Injection' vulnerability in VillaTheme HAPPY happy-helpdesk-support-ticket-system allows Remote Code Inclusion.This issue affects HAPPY: from n/a through = 1.0.7...

CVE-2025-48083

CVE-2025-48083 affects the WordPress plugin wpNamedUsers (versions &lt;= 0.5). The issue is a Cross-Site Request Forgery (CSRF) vulnerability that leads to Stored XSS. Base metrics show CVSS 3.1, with a high impact: confidentiality, integrity, and availability all rated High/H. The vulnerability ...

CVE-2025-48083 WordPress wpNamedUsers plugin <= 0.5 - Cross Site Request Forgery (CSRF) to Stored XSS vulnerability

Cross-Site Request Forgery CSRF vulnerability in andriassundskard wpNamedUsers wpnamedusers allows Stored XSS.This issue affects wpNamedUsers: from n/a through = 0.5...

CVE-2025-31029 WordPress replyMail plugin <= 1.2.0 - Cross Site Request Forgery (CSRF) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in bingu replyMail replymail allows Stored XSS.This issue affects replyMail: from n/a through = 1.2.0...

CVE-2025-28953

The CVE-2025-28953 entry corresponds to a SQL Injection in WordPress plugin smart SEO (smartSEO) from axiomthemes, affecting versions up to and including 4.0. The issue is due to improper neutralization of special elements used in an SQL command, enabling potential SQL injection. Documented impac...

WordPress Blog2Social plugin <= 8.6.0 - Authenticated (Subscriber+) Blind Server-Side Request Forgery via post_url vulnerability

Authenticated Subscriber+ Blind Server-Side Request Forgery via posturl vulnerability discovered by LionTree in WordPress Plugin Blog2Social versions = 8.6.0...

WordPress Easy Email Subscription plugin <= 1.3 - Authenticated (Admin+) SQL Injection via uid vulnerability

Authenticated Admin+ SQL Injection via uid vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin Easy Email Subscription versions = 1.3...

PT-2025-45322

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Elated-Themes Savory savory.This issue affects Savory: from n/a through = 2.5...

WordPress plugin Better Find and Replace – AI-Powered Suggestions 授权问题漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin... An authorization iss...

WordPress plugin Houzez Theme - Functionality 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plug-in. WordPress plugin Houz...

WordPress plugin Easy Email Subscription SQL注入漏洞

WordPress Easy Email Subscription plugin is a plugin for adding email subscription functionality to your WordPress website. WordPress Easy Email Subscription plugin suffers from a SQL injection vulnerability that stems from the application's lack of validation of externally entered SQL statements...

WordPress plugin Hubbub Lite 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin.... A cross-sit...

WordPress plugin Widget Logic 代码注入漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A code injection...

WordPress plugin Dynamic Pricing With Discount Rules for WooCommerce 代码注入漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A code injection...

WordPress plugin Sign-up Sheets 代码问题漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A code issue...

WordPress plugin WP Logo Changer 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A cross-site scripting...

WordPress plugin Info Cards 安全漏洞

WordPress and WordPress plugin are products of the WordPress Foundation, a blogging platform developed in PHP. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security vulnerability exists in WordPress plugin Inf...

WordPress plugin Yogi 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security...

WordPress plugin TranslatePress 代码问题漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A code issue...