WordPress Bg Church Memos Plugin <= 1.1 - Cross Site Scripting (XSS) Vulnerability

Cross Site Scripting XSS Vulnerability discovered by Gilang Asra Bilhadi in WordPress Plugin Bg Church Memos versions = 1.1...

WordPress DOAJ Export Plugin <= 1.0.4 - Cross Site Scripting (XSS) Vulnerability

Cross Site Scripting XSS Vulnerability discovered by Jieun Kim in WordPress Plugin DOAJ Export versions = 1.0.4...

WordPress Grid plugin <= 2.3.1 - Cross Site Request Forgery (CSRF) vulnerability

Cross Site Request Forgery CSRF vulnerability discovered by Nguyen Xuan Chien in WordPress Plugin Grid versions = 2.3.1...

WordPress Proof Factor – Social Proof Notifications Plugin <= 1.0.5 - Cross Site Scripting (XSS) Vulnerability

Cross Site Scripting XSS Vulnerability discovered by Vinit Lakra in WordPress Plugin Proof Factor Social Proof Notifications versions = 1.0.5...

WordPress Kama Click Counter plugin <= 4.0.4 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by muhammad yudha in WordPress Plugin Kama Click Counter versions = 4.0.4...

WordPress Casengo Live Chat Support Plugin <= 2.1.4 - Cross Site Request Forgery (CSRF) Vulnerability

Cross Site Request Forgery CSRF Vulnerability discovered by Nguyen Xuan Chien in WordPress Plugin Casengo Live Chat Support versions = 2.1.4...

WordPress Genesis Club Lite Plugin <= 1.17 - Cross Site Scripting (XSS) Vulnerability

Cross Site Scripting XSS Vulnerability discovered by muhammad yudha in WordPress Plugin Genesis Club Lite versions = 1.17...

CVE-2025-58974

CVE-2025-58974 (WPComplete) is a stored cross-site scripting (XSS) vulnerability in the WordPress plugin WPComplete. The CVE entry covers the WPComplete plugin and notes impact on versions up to 2.9.5.2, where improper neutralization of input during web page generation leads to stored XSS. Connec...

CVE-2025-59572 WordPress WorkScout-Core Plugin < 1.7.06 - Cross Site Request Forgery (CSRF) Vulnerability

Cross-Site Request Forgery CSRF vulnerability in purethemes WorkScout-Core workscout-core allows Cross Site Request Forgery.This issue affects WorkScout-Core: from n/a through 1.7.06...

CVE-2025-59573

CVE-2025-59573: Cozy Blocks (Cozy Themes) for WordPress vulnerable to unauthenticated arbitrary shortcode execution via improper neutralization of script-related HTML; affected versions up to 2.1.29; patch available in 2.1.29; CVSS 3.1 Base 5.3 (Medium).

CVE-2025-59574 WordPress WP Travel Engine Plugin <= 1.4.2 - Cross Site Scripting (XSS) Vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in WP Travel Engine WP Travel Engine allows Stored XSS. This issue affects WP Travel Engine: from n/a through 1.4.2...

CVE-2025-53450

CVE-2025-53450 is an active vulnerability affecting Easy Pricing Table WP (

CVE-2025-53452

The CVE-2025-53452 entry covers a Missing Authorization vulnerability in Event Rocket WordPress plugin (range: from n/a through 3.3). The underlying issue is improper access control/configuration allowing unauthorized actions. Public details in the provided documents are limited to affected softw...

CVE-2025-53454 WordPress Ultimate WP Mail Plugin <= 1.3.8 - Cross Site Scripting (XSS) Vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Rustaurius Ultimate WP Mail ultimate-wp-mail allows Stored XSS.This issue affects Ultimate WP Mail: from n/a through = 1.3.8...

CVE-2025-53456 WordPress SEO Backlink Monitor plugin <= 1.8.0 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery CSRF vulnerability in activewebsight SEO Backlink Monitor seo-backlink-monitor allows Cross Site Request Forgery.This issue affects SEO Backlink Monitor: from n/a through = 1.8.0...

CVE-2025-53468 WordPress Wp tabber widget Plugin <= 4.0 - SQL Injection Vulnerability

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in [email protected] Wp tabber widget wp-tabber-widget allows SQL Injection.This issue affects Wp tabber widget: from n/a through = 4.0...

CVE-2025-53469 WordPress BMI Adult & Kid Calculator Plugin <= 1.2.2 - Cross Site Scripting (XSS) Vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Mortgage Calculator BMI Adult & Kid Calculator bmi-adultkid-calculator allows Stored XSS.This issue affects BMI Adult & Kid Calculator: from n/a through = 1.2.2...

CVE-2025-53468 WordPress Wp tabber widget Plugin <= 4.0 - SQL Injection Vulnerability

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in [email protected] Wp tabber widget wp-tabber-widget allows SQL Injection.This issue affects Wp tabber widget: from n/a through = 4.0...

CVE-2025-57898

CVE-2025-57898 is a Stored XSS in the WordPress plugin WP Frontend Admin (Display WP Admin Pages in the Frontend). Public docs show affected software: WP Frontend Admin

CVE-2025-57901

CVE-2025-57901 is listed in connected sources as relating to Import Markdown – Versatile Markdown Importer for WordPress. The connected entry indicates a vulnerability described as an authenticated (Contributor+) Stored Cross-Site Scripting (XSS) via the Markdown import process. In practical term...