15852 matches found

Cvelist
added 2025/10/30 4:26 a.m. | 5 views

CVE-2025-12475 Blocksy Companion <= 2.1.14 - Authenticated (Contributor+) Stored Cross-Site Scripting

The Blocksy Companion plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'blocksynewslettersubscribe' shortcode in all versions up to, and including, 2.1.14 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possib...

6.4 CVSS | 0.00167 EPSS
Exploits 0 | References 2
Patchstack
added 2025/10/30 4:10 a.m. | 3 views

WordPress Jannah - Extensions plugin <= 1.1.4 - Cross Site Scripting (XSS) vulnerability

WordPress Jannah - Extensions plugin <= 1.1.4 - Cross Site Scripting (XSS) vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Plugin Jannah - Extensions versions <= 1.1.4...

6.5 CVSS | 5.9 AI score | 0.00134 EPSS
Exploits 0 | Affected Software 1
Patchstack
added 2025/10/30 1:7 a.m. | 4 views

WordPress AppPresser plugin <= 4.5.0 - Missing Authorization to Unauthenticated Limited Sensitive Information Exposure vulnerability

Missing Authorization to Unauthenticated Limited Sensitive Information Exposure vulnerability discovered by D01EXPLOIT OFFICIAL in WordPress Plugin AppPresser versions <= 4.5.0...

5.3 CVSS | 6.6 AI score | 0.00254 EPSS
Exploits 0 | References 1 | Affected Software 1
Positive Technologies
added 2025/10/30 12:0 a.m. | 2 views

PT-2025-44372

Name of the Vulnerable Software and Affected Versions: Site Checkup Debug AI Troubleshooting with Wizard and Tips for Each Issue plugin for WordPress versions prior to 1.48. Description: The software is susceptible to log file poisoning, allowing unauthenticated attackers to insert arbitrary content...

6.5 CVSS | 6.6 AI score | 0.00288 EPSS
Exploits 0 | References 7
CNNVD
added 2025/10/30 12:0 a.m. | 4 views

WordPress plugin Blocksy Companion cross-site scripting vulnerability

WordPress Blocksy Companion Plugin is an official plugin designed for WordPress theme Blocksy to enhance the theme functionality with advanced customization options and integration tools. WordPress Blocksy Companion Plugin suffers from a cross-site scripting vulnerability that stems from the...

6.4 CVSS | 5.9 AI score | 0.00167 EPSS
Exploits 0 | References 2
vulnersOsv
added 2025/10/29 3:31 p.m. | 7 views

org.jenkins-ci.plugins:maven-artifact-choicelistprovider (>=1.0.3 <=371.ve708f79022db_) potentially affected by CVE-2025-64133 via jp.ikedam.jenkins.plugins:extensible-choice-parameter (>=1.3.3 <=250.va_1cf60782b_1a_)

jp.ikedam.jenkins.plugins:extensible-choice-parameter MAVEN version =1.3.3, =1.0.3, =371.ve708f79022db Source cves: CVE-2025-64133 Source advisory: SNYK:JAVA-JPIKEDAMJENKINSPLUGINS-13775577...

5.4 CVSS | 5.8 AI score | 0.0021 EPSS
Exploits 0
OSV
added 2025/10/29 2:15 p.m. | 5 views

CVE-2025-64141

A cross-site request forgery (CSRF) vulnerability in Jenkins Nexus Task Runner Plugin 0.9.2 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials...

4.3 CVSS | 5.7 AI score | 0.00174 EPSS
Exploits 0 | References 2
NVD
added 2025/10/29 2:15 p.m. | 7 views

CVE-2025-64142

A missing permission check in Jenkins Nexus Task Runner Plugin 0.9.2 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials...

4.3 CVSS | 0.00208 EPSS
Exploits 0 | References 2
NVD
added 2025/10/29 2:15 p.m. | 4 views

CVE-2025-64141

A cross-site request forgery (CSRF) vulnerability in Jenkins Nexus Task Runner Plugin 0.9.2 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials...

4.3 CVSS | 0.00174 EPSS
Exploits 0 | References 2
NVD
added 2025/10/29 2:15 p.m. | 4 views

CVE-2025-64135

Jenkins Eggplant Runner Plugin 0.0.1.301.v963cffe8ddb8 and earlier sets the Java system property jdk.http.auth.tunneling.disabledSchemes to an empty value, disabling a protection mechanism of the Java runtime...

5.9 CVSS | 0.00268 EPSS
Exploits 0 | References 2
Cvelist
added 2025/10/29 1:29 p.m. | 5 views

CVE-2025-64135

Jenkins Eggplant Runner Plugin 0.0.1.301.v963cffe8ddb8 and earlier sets the Java system property jdk.http.auth.tunneling.disabledSchemes to an empty value, disabling a protection mechanism of the Java runtime...

0.00268 EPSS
Exploits 0 | References 1
CVE
added 2025/10/29 1:29 p.m. | 9 views

CVE-2025-64135

The CVE-2025-64135 entry concerns Jenkins Eggplant Runner Plugin (versions up to 0.0.1.301.v963cffe8ddb_8 and earlier). The vulnerability arises from the Java system property jdk.http.auth.tunneling.disabledSchemes being set to an empty value during proxy configuration, which disables a Java runt...

5.9 CVSS | 6.4 AI score | 0.00268 EPSS
Exploits 0 | References 2 | Affected Software 1
Cvelist
added 2025/10/29 8:38 a.m. | 27 views

CVE-2025-64291 WordPress Premmerce User Roles plugin <= 1.0.13 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Premmerce Premmerce User Roles premmerce-user-roles allows Stored XSS. This issue affects Premmerce User Roles: from n/a through <= 1.0.13...

5.9 CVSS | 0.00148 EPSS
Exploits 0 | References 1
CVE
added 2025/10/29 8:38 a.m. | 26 views

CVE-2025-64291

CVE-2025-64291 concerns the WordPress plugin Premmerce User Roles (versions

5.9 CVSS | 5.6 AI score | 0.00148 EPSS
Exploits 0 | References 1
CVE
added 2025/10/29 8:38 a.m. | 19 views

CVE-2025-64289

CVE-2025-64289 affects the WordPress plugin Premmerce Product Search for WooCommerce (premmerce-search), with versions up to and including 2.2.4. The issue is Improper Neutralization of Input During Web Page Generation, leading to a Stored Cross-Site Scripting (XSS) vulnerability. The CVSS indica...

5.9 CVSS | 5.9 AI score | 0.00148 EPSS
Exploits 0 | References 1
CVE
added 2025/10/29 8:38 a.m. | 14 views

CVE-2025-64226

CVE-2025-64226 is a CSRF vulnerability in the WordPress plugin Stockie Extra (stockie-extra), affecting versions up to and including 1.2.11. The issue enables Cross-Site Request Forgery where an attacker could abuse authenticated sessions to perform unwanted actions on behalf of a user. The CVSS ...

4.3 CVSS | 6.5 AI score | 0.00104 EPSS
Exploits 0 | References 1
Cvelist
added 2025/10/29 8:38 a.m. | 7 views

CVE-2025-58939 WordPress Super Store Finder plugin <= 7.5 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in highwarden Super Store Finder superstorefinder-wp allows Cross Site Request Forgery. This issue affects Super Store Finder: from n/a through <= 7.5...

4.3 CVSS | 0.00114 EPSS
Exploits 0 | References 1
Cvelist
added 2025/10/29 6:0 a.m. | 8 views

CVE-2025-9544 Doppler Forms <= 2.5.1 - Subscriber+ Limited Plugin Installation

The Doppler Forms WordPress plugin through 2.5.1 registers an AJAX action installextension without verifying user capabilities or using a nonce. As a result, any authenticated user — including those with the Subscriber role — can install and activate additional Doppler Forms WordPress plugin...

0.00185 EPSS
Exploits 0 | References 1
Vulnrichment
added 2025/10/29 4:50 a.m. | 2 views

CVE-2025-49042 WordPress WooCommerce plugin <= 10.0.2 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Automattic WooCommerce woocommerce allows Stored XSS. This issue affects WooCommerce: from n/a through <= 10.0.2...

5.9 CVSS | 5.2 AI score | 0.00144 EPSS
Exploits 0 | References 1
CNNVD
added 2025/10/29 12:0 a.m. | 4 views

Jenkins ByteGuard Build Actions Plugin security vulnerability

Jenkins ByteGuard Build Actions Plugin is an open source pipeline validation plugin for Jenkins. A security vulnerability exists in version 1.0 of the Jenkins ByteGuard Build Actions Plugin, which stems from an unmasked API token on a job configuration form, which could lead to an attacker...

4.3 CVSS | 6.4 AI score | 0.00144 EPSS
Exploits 0 | References 2