5785 matches found
CVE-2025-69019
CVE-2025-69019 : FlippingBook (FlippingBook/FlippingBook) contains a DOM-based XSS in the web-page generation flow, affecting FlippingBook versions up to and including 2.0.1. The Wordfence report details an authenticated (Contributor+) path to abuse; CVSS/impact per initial data indicates cross-s...
CVE-2025-68995 WordPress My Sticky Elements plugin <= 2.3.3 - Broken Access Control vulnerability
Missing Authorization vulnerability in Premio My Sticky Elements mystickyelements allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects My Sticky Elements: from n/a through = 2.3.3...
CVE-2025-68997 WordPress wpDiscuz plugin <= 7.6.43 - Insecure Direct Object References (IDOR) vulnerability
Authorization Bypass Through User-Controlled Key vulnerability in AdvancedCoding wpDiscuz wpdiscuz allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects wpDiscuz: from n/a through = 7.6.43...
CVE-2025-68992
CVE-2025-68992 affects BWL Knowledge Base Manager (bwL-kb-manager) for WordPress. Connected documents confirm a stored cross-site scripting (XSS) vulnerability in BW KBase Manager, affecting versions up to 1.6.3. The Wordfence report lists this as an authenticated (Contributor+) Stored XSS, indic...
CVE-2025-68979 WordPress Google Calendar Events plugin <= 3.5.9 - Insecure Direct Object References (IDOR) vulnerability
Authorization Bypass Through User-Controlled Key vulnerability in SimpleCalendar Google Calendar Events google-calendar-events allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Google Calendar Events: from n/a through = 3.5.9...
CVE-2025-68975
CVE-2025-68975 concerns the WordPress Eagle Booking plugin (Eagle Booking) versions up to and including 1.3.4.3. Multiple connected sources describe an Insecure Direct Object References (IDOR) / authorization bypass when using a user-controlled key, allowing bypass of access controls. The NVD ent...
WordPress Academy LMS plugin <= 3.4.0 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting XSS vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin Academy LMS versions = 3.4.0...
WordPress plugin DesignThemes Core 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security vulnerabili...
WordPress plugin Off Page SEO 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A cross-site scripting...
WordPress PowerPack Pro for Elementor plugin missing license vulnerability
WordPress PowerPack Pro for Elementor plugin is an Elementor page builder extension plugin designed for the WordPress platform. A lack of authorization vulnerability exists in WordPress PowerPack Pro for Elementor plugin, which can be exploited by an attacker to leverage a misconfigured access...
CVE-2025-23554 WordPress Off Page SEO plugin <= 3.0.3 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Jakub Glos Off Page SEO off-page-seo allows Reflected XSS.This issue affects Off Page SEO: from n/a through = 3.0.3...
CVE-2025-68499
CVE-2025-68499 describes a DOM-Based XSS in Crocoblock’s JetTabs WordPress plugin (JetTabs) up to version 2.2.12. The issue arises from improper neutralization of input during web page generation, enabling stored XSS when a user interacts with JetTabs. Affected software: Crocoblock JetTabs (WordP...
CVE-2025-68503 WordPress JetBlog plugin <= 2.4.7 - Broken Access Control vulnerability
Missing Authorization vulnerability in Crocoblock JetBlog jet-blog allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects JetBlog: from n/a through = 2.4.7...
CVE-2025-68607 WordPress Custom Field Template plugin <= 2.7.5 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Hiroaki Miyashita Custom Field Template allows Stored XSS.This issue affects Custom Field Template: from n/a through 2.7.5...
CVE-2025-68599
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Embeds For YouTube Plugin Support YouTube Embed youtube-embed allows Stored XSS.This issue affects YouTube Embed: from n/a through = 5.4...
CVE-2025-68573
CVE-2025-68573 is described as a Cross-Site Request Forgery (CSRF) vulnerability in the WordPress plugin Simple Keyword to Link (simple-keyword-to-link). The Initial document states affected range as “Simple Keyword to Link: from n/a through
CVE-2025-67625 WordPress Trade Runner plugin <= 3.14 - Cross Site Request Forgery (CSRF) vulnerability
Cross-Site Request Forgery CSRF vulnerability in tmtraderunner Trade Runner traderunner allows Cross Site Request Forgery.This issue affects Trade Runner: from n/a through = 3.14...
CVE-2023-36525 WordPress WPJobBoard plugin <= 5.9.0 - Unauth. Blind SQL Injection (SQLi) vulnerability
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in WPJobBoard allows Blind SQL Injection.This issue affects WPJobBoard: from n/a through 5.9.0...
CVE-2025-68529
Technical details for CVE-2025-68529 are not provided in the supplied connected documents. Current information confirms CSRF vulnerability in WP Email Capture
WordPress plugin H5P 安全漏洞
WordPress H5P plugin is an open source plugin that allows users to create, manage and embed interactive multimedia content in WordPress websites. A lack of authorization vulnerability exists in WordPress H5P plugin, which can be exploited by an attacker to cause the exploitation of misconfigured...