15840 matches found

Positive Technologies
added 2025/09/26 12:0 a.m. | 1 view

PT-2025-39496

Name of the Vulnerable Software and Affected Versions: Featured Image from URL (FIFU) plugin for WordPress versions through 5.2.7. Description: The Featured Image from URL (FIFU) plugin for WordPress is susceptible to SQL Injection through the get all urls function. Insufficient escaping of user-supplie...

CVSS 4.9 | AI score 7.1 | EPSS 0.00299
Exploits 0 | References 8
Positive Technologies
added 2025/09/26 12:0 a.m. | 6 views

PT-2025-39590

Name of the Vulnerable Software and Affected Versions: HT Feed versions through 1.3.0. Description: The HT Feed plugin contains a flaw related to improper input handling during web page creation, which allows for Stored Cross-site Scripting (XSS). This means an attacker could inject malicious scripts...

CVSS 6.5 | AI score 6.5 | EPSS 0.00186
Exploits 0 | References 3
Patchstack
added 2025/09/25 11:39 p.m. | 3 views

WordPress Banhammer plugin <= 3.4.8 - Unauthenticated Protection Mechanism Bypass vulnerability

Unauthenticated Protection Mechanism Bypass vulnerability discovered by Jonas Benjamin Friedli in WordPress Plugin Banhammer versions <= 3.4.8...

CVSS 5.3 | AI score 6.8 | EPSS 0.00335
Exploits 0 | References 1 | Affected Software 1
RedhatCVE
added 2025/09/25 2:53 a.m. | 3 views

CVE-2025-10380

The Advanced Views – Display Posts, Custom Fields, and More plugin for WordPress is vulnerable to Server-Side Template Injection in all versions up to, and including, 3.7.19. This is due to insufficient input sanitization and lack of access control when processing custom Twig templates in the Mod...

CVSS 8.8 | AI score 7.1 | EPSS 0.00398
Exploits 0 | References 1
CNVD
added 2025/09/25 12:0 a.m. | 4 views

Unspecified Vulnerability in WordPress Plugin Academy LMS

WordPress is a blogging platform developed using the PHP language. The platform has the ability to set up a personal blog site on a PHP and MySQL based server. WordPress plugin is an application plugin. A security vulnerability exists in the WordPress plugin Academy LMS, which can be exploited by ...

CVSS 5.5 | AI score 6.5 | EPSS 0.00328
Exploits 0 | References 1
RedhatCVE
added 2025/09/24 6:31 p.m. | 2 views

CVE-2025-58031

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Nextendweb Nextend Facebook Connect nextend-facebook-connect allows Stored XSS. This issue affects Nextend Facebook Connect: from n/a through <= 3.1.19...

CVSS 6.5 | AI score 5.9 | EPSS 0.00191
Exploits 0 | References 1
Cvelist
added 2025/09/23 2:8 a.m. | 7 views

CVE-2025-58915 WordPress Request a Quote plugin <= 2.5.0 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in emarket-design Request a Quote request-a-quote allows Stored XSS. This issue affects Request a Quote: from n/a through <= 2.5.0...

CVSS 6.5 | EPSS 0.00155
Exploits 0 | References 1
Vulnrichment
added 2025/09/23 2:8 a.m. | 2 views

CVE-2025-58915 WordPress YouTube Showcase plugin <= 3.5.0 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Emarket-design YouTube Showcase youtube-showcase allows Stored XSS. This issue affects YouTube Showcase: from n/a through 3.5.0...

CVSS 6.5 | AI score 5.6 | EPSS 0.00155
Exploits 0 | References 1
Positive Technologies
added 2025/09/23 12:0 a.m. | 5 views

PT-2025-39155

Name of the Vulnerable Software and Affected Versions: Podlove Podcast Publisher versions up to and including 4.2.6. Description: The Podlove Podcast Publisher plugin for WordPress is susceptible to arbitrary file uploads because of a lack of file type validation in the move as original file functio...

CVSS 9.8 | AI score 7.7 | EPSS 0.00862
Exploits 0 | References 11
CNNVD
added 2025/09/23 12:0 a.m. | 1 view

WordPress plugin SureForms security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers. WordPress plugin is an application plugin. A security...

CVSS 3.5 | AI score 5.9 | EPSS 0.00176
Exploits 0 | References 1
Patchstack
added 2025/09/22 7:38 p.m. | 3 views

WordPress DELUCKS SEO Plugin <= 2.7.0 - Cross Site Scripting (XSS) Vulnerability

Cross Site Scripting (XSS) Vulnerability discovered by muhammad yudha in WordPress Plugin DELUCKS SEO versions <= 2.7.0...

CVSS 6.5 | AI score 6 | EPSS 0.00244
Exploits 0 | Affected Software 1
Patchstack
added 2025/09/22 7:36 p.m. | 2 views

WordPress Heureka Plugin <= 1.1.0 - Broken Access Control Vulnerability

Broken Access Control Vulnerability discovered by Nabil Irawan in WordPress Plugin Heureka versions <= 1.1.0...

CVSS 5.3 | AI score 6.7 | EPSS 0.00327
Exploits 0 | Affected Software 1
Patchstack
added 2025/09/22 7:36 p.m. | 3 views

WordPress Product Time Countdown for WooCommerce plugin <= 1.6.5 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting (XSS) vulnerability discovered by Nabil Irawan in WordPress Plugin Product Time Countdown for WooCommerce versions <= 1.6.5...

CVSS 5.9 | AI score 5.9 | EPSS 0.0027
Exploits 0 | Affected Software 1
Patchstack
added 2025/09/22 7:11 p.m. | 4 views

WordPress Append extensions on Pages Plugin <= 1.1.2 - Cross Site Scripting (XSS) Vulnerability

Cross Site Scripting (XSS) Vulnerability discovered by Nabil Irawan in WordPress Plugin Append extensions on Pages versions <= 1.1.2...

CVSS 5.9 | AI score 6 | EPSS 0.0027
Exploits 0 | Affected Software 1
Patchstack
added 2025/09/22 7:2 p.m. | 9 views

WordPress WP Subtitle Plugin <= 3.4.1 - Cross Site Scripting (XSS) Vulnerability

Cross Site Scripting (XSS) Vulnerability discovered by theviper17 in WordPress Plugin WP Subtitle versions <= 3.4.1...

CVSS 6.5 | AI score 6 | EPSS 0.00191
Exploits 0 | Affected Software 1
Patchstack
added 2025/09/22 7:0 p.m. | 4 views

WordPress Upcoming Events Lists Plugin <= 1.4.0 - Insecure Direct Object References (IDOR) Vulnerability

Insecure Direct Object References (IDOR) Vulnerability discovered by Nabil Irawan in WordPress Plugin Upcoming Events Lists versions <= 1.4.0...

CVSS 5.4 | AI score 6.8 | EPSS 0.00277
Exploits 0 | Affected Software 1
Patchstack
added 2025/09/22 6:58 p.m. | 4 views

WordPress WP Gravity Forms Keap/Infusionsoft plugin <= 1.2.6 - Open Redirection vulnerability

Open Redirection vulnerability discovered by Bonds in WordPress Plugin WP Gravity Forms Keap/Infusionsoft versions <= 1.2.6...

CVSS 4.7 | AI score 6.8 | EPSS 0.00255
Exploits 0 | Affected Software 1
Patchstack
added 2025/09/22 6:56 p.m. | 2 views

WordPress Ultimate Store Kit Elementor Addons plugin <= 2.8.6 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting (XSS) vulnerability discovered by Abu Hurayra in WordPress Plugin Ultimate Store Kit Elementor Addons versions <= 2.8.6...

CVSS 6.5 | AI score 5.9 | EPSS 0.00191
Exploits 0 | Affected Software 1
Patchstack
added 2025/09/22 6:52 p.m. | 2 views

WordPress VoucherPress Plugin <= 1.5.7 - Cross Site Scripting (XSS) Vulnerability

Cross Site Scripting (XSS) Vulnerability discovered by Le Cong Danh vodanh in WordPress Plugin VoucherPress versions <= 1.5.7...

CVSS 5.9 | AI score 6 | EPSS 0.00205
Exploits 0 | Affected Software 1
Patchstack
added 2025/09/22 6:49 p.m. | 3 views

WordPress WP Category Dropdown Plugin <= 1.9 - Cross Site Scripting (XSS) Vulnerability

Cross Site Scripting (XSS) Vulnerability discovered by zaim in WordPress Plugin WP Category Dropdown versions <= 1.9...

CVSS 6.5 | AI score 6 | EPSS 0.00252
Exploits 0 | Affected Software 1