CVE-2025-68864 WordPress Infility Global plugin <= 2.15.11 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Infility Infility Global infility-global allows Stored XSS.This issue affects Infility Global: from n/a through = 2.15.11...

CVE-2025-68857 WordPress Paid Downloads plugin <= 3.15 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in ichurakov Paid Downloads paid-downloads allows Blind SQL Injection.This issue affects Paid Downloads: from n/a through = 3.15...

CVE-2025-68849 WordPress Quote Master plugin <= 7.1.1 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Frank Corso Quote Master quote-master allows Reflected XSS.This issue affects Quote Master: from n/a through = 7.1.1...

CVE-2025-68035 WordPress Tabby Checkout plugin <= 5.8.4 - Sensitive Data Exposure vulnerability

Insertion of Sensitive Information Into Sent Data vulnerability in tabbyai Tabby Checkout tabby-checkout allows Retrieve Embedded Sensitive Data.This issue affects Tabby Checkout: from n/a through = 5.8.4...

CVE-2025-68030

Summary (CVE-2025-68030) The WordPress plugin Frontis Blocks (Frontis Blocks — Block Library for the Block Editor) is affected up to version 1.1.5. A Server-Side Request Forgery (SSRF) vulnerability exists in the frontis-blocks component, exploitable via the url parameter, enabling the SSRF issue...

CVE-2025-68012 WordPress CodeColorer plugin <= 0.10.1 - Stored Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Dmytro Shteflyuk CodeColorer codecolorer allows Stored XSS.This issue affects CodeColorer: from n/a through = 0.10.1...

CVE-2025-68011 WordPress GLS Shipping for WooCommerce plugin <= 1.4.0 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in GLS GLS Shipping for WooCommerce gls-shipping-for-woocommerce allows Reflected XSS.This issue affects GLS Shipping for WooCommerce: from n/a through = 1.4.0...

CVE-2025-68001

CVE-2025-68001 affects garidium g-FFL Checkout (WordPress plugin) ≤ 2.1.0 and is an Unrestricted Upload of a File with Dangerous Type, enabling a Web Shell upload to the server. Root cause: improper validation/allowance of dangerous file types during upload. Impact: potential remote code executio...

CVE-2025-67960

CVE-2025-67960 describes a Reflected XSS in the WordPress plugin WorkScout-Core (purethemes WorkScout-Core) affecting versions up to 1.7.06. The issue is caused by improper neutralization of input during web page generation (cross-site scripting). The connected Wordfence details confirm this CVE ...

CVE-2025-67943 WordPress My auctions allegro plugin <= 3.6.32 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in wphocus My auctions allegro my-auctions-allegro-free-edition allows Reflected XSS.This issue affects My auctions allegro: from n/a through = 3.6.32...

CVE-2025-67923 WordPress JetEngine plugin <= 3.7.7 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Crocoblock JetEngine jet-engine allows Reflected XSS.This issue affects JetEngine: from n/a through = 3.7.7...

CVE-2025-67626

CVE-2025-67626 shows a Cross-Site Request Forgery (CSRF) vulnerability in the WordPress plugin WP SEO Search (wp-seo-search) by Angel Costa. Affected versions are WP SEO Search: from n/a through

CVE-2025-66136

CVE-2025-66136 is a confirmed Missing Authorization vulnerability in the WordPress plugin Carter for Elementor (Carter for Elementor) affecting versions up to 1.0.2. Public docs describe an access-control misconfiguration that enables exploitation via improper authorization, with the NVD entry no...

CVE-2025-63051 WordPress REHub Framework plugin < 19.9.9.4 - Sensitive Data Exposure vulnerability

Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in sizam REHub Framework rehub-framework allows Retrieve Embedded Sensitive Data.This issue affects REHub Framework: from n/a through 19.9.9.4...

CVE-2025-63051 WordPress REHub Framework plugin < 19.9.9.4 - Sensitive Data Exposure vulnerability

Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in sizam REHub Framework rehub-framework allows Retrieve Embedded Sensitive Data.This issue affects REHub Framework: from n/a through 19.9.9.4...

CVE-2025-63017 WordPress WerkStatt plugin plugin <= 1.6.6 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in fuelthemes WerkStatt Plugin werkstatt-plugin allows PHP Local File Inclusion.This issue affects WerkStatt Plugin: from n/a through = 1.6.6...

CVE-2025-62077

The CVE-2025-62077 entry concerns the WordPress Affiliate Link Tracker plugin, affected versions through 0.2. The vulnerability is Stored XSS caused by improper input handling during web page generation, as stated across Red Hat, NVD, CVE records and third-party sources. Impact is defined as stor...

CVE-2025-52762 WordPress flexo-posts-manager Plugin <= 1.0001 - Cross Site Scripting (XSS) Vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in flexostudio flexo-posts-manager flexo-posts-manager allows Reflected XSS.This issue affects flexo-posts-manager: from n/a through = 1.0001...

CVE-2025-47666 WordPress Image&Video FullScreen Background plugin <= 1.6.7 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in LambertGroup Image&Video FullScreen Background lbgfullscreenfullwidthslider allows Reflected XSS.This issue affects Image&Video FullScreen Background: from n/a through = 1.6.7...

WordPress Final User plugin <= 1.2.5 - Privilege Escalation vulnerability

Privilege Escalation vulnerability discovered by Phat RiO - BlueRock in WordPress Plugin Final User versions = 1.2.5...