WordPress plugin Breeze 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security...

WordPress plugin Better Business Reviews 安全漏洞

...

WordPress plugin Car Rental Manager 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security vulnerabili...

CVE-2025-59467

A Cross-Site Scripting XSS vulnerability in the UCRM Argentina AFIP invoices Plugin v1.2.0 and earlier could allow privilege escalation if an Administrator is tricked into visiting a crafted malicious page. This plugin is disabled by default. Affected Products: UCRM Argentina AFIP invoices Plugin...

CVE-2023-52212 WordPress WP Job Manager plugin <= 2.0.0 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery CSRF vulnerability in Automattic WP Job Manager allows Cross Site Request Forgery.This issue affects WP Job Manager: from n/a through 2.0.0...

CVE-2023-51513

CVE-2023-51513 affects the WordPress Geo Controller plugin (

CVE-2025-68547

CVE-2025-68547 corresponds to a Missing Authorization vulnerability in the WordPress plugin Follow My Blog Post. Wordfence’s vulnerability details describe an unauthenticated path that allows arbitrary content deletion, i.e., an attacker can delete content without auth. The entry indicates affect...

Ubiquiti UCRM Argentina AFIP invoices Plugin 安全漏洞

Ubiquiti UCRM Argentina AFIP invoices Plugin is an extension plugin from Ubiquiti USA. A security vulnerability exists in Ubiquiti UCRM Argentina AFIP invoices Plugin version 1.2.0 and earlier, which stems from the presence of cross-site scripting that could lead to elevation of privilege...

WordPress Tutor LMS plugin <= 3.9.4 - Insecure Direct Object References (IDOR) vulnerability

Insecure Direct Object References IDOR vulnerability discovered by Supakiad S. m3ez in WordPress Plugin Tutor LMS versions = 3.9.4...

CVE-2025-14428

CVE-2025-14428 affects the WordPress plugin “All-in-one Sticky Floating Contact Form, Call, Click to Chat, and 50+ Social Icon Tabs – My Sticky Elements” up to version 2.3.3. The issue is a missing capability check in the my_sticky_elements_bulks function, allowing authenticated attackers with Su...

CVE-2025-23705 WordPress Zielke Design Project Gallery plugin <= 2.5.0 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Terry Zielke Zielke Design Project Gallery zielke-design-project-gallery allows Reflected XSS.This issue affects Zielke Design Project Gallery: from n/a through = 2.5.0...

CVE-2025-66149

Technical details for CVE-2025-66149 are not provided in the connected documents; no product/version/root-cause/impact information is available here—monitor for updates.

CVE-2025-49337 WordPress Dashboard Beacon plugin <= 1.2.0 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in janhenckens Dashboard Beacon allows Stored XSS.This issue affects Dashboard Beacon: from n/a through 1.2.0...

CVE-2025-23608

CVE-2025-23608 corresponds to a Reflected XSS in WordPress LIVE TV plugin (LIVE TV

WordPress WordPress & WooCommerce Scraper plugin, Import Data from Any Site plugin <= 1.0.7 - Server Side Request Forgery (SSRF) vulnerability

Server Side Request Forgery SSRF vulnerability discovered by Bonds in WordPress Plugin WordPress & WooCommerce Scraper Plugin, Import Data from Any Site versions = 1.0.7...

CVE-2025-66159 WordPress Walker for Elementor plugin <= 1.1.6 - Broken Access Control vulnerability

Missing Authorization vulnerability in merkulove Walker for Elementor walker-elementor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Walker for Elementor: from n/a through = 1.1.6...

CVE-2025-63021 WordPress Valenti Engine plugin <= 1.0.3 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in codetipi Valenti Engine allows DOM-Based XSS.This issue affects Valenti Engine: from n/a through 1.0.3...

CVE-2025-63021 WordPress Valenti Engine plugin <= 1.0.3 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in codetipi Valenti Engine valenti-engine allows DOM-Based XSS.This issue affects Valenti Engine: from n/a through = 1.0.3...

WordPress Valenti Engine plugin <= 1.0.3 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Plugin Valenti Engine versions = 1.0.3...

CVE-2025-63038

Technical details for CVE-2025-63038 are not provided in the supplied documents; no affected versions, impact, or remediation are disclosed here. Monitor for updates from NVD/patch sources.