WordPress Extra Shortcodes plugin <= 2.2 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin Extra Shortcodes versions = 2.2...

CVE-2025-62743 WordPress MyBookTable Bookstore plugin <= 3.5.5 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in zookatron MyBookTable Bookstore allows Stored XSS.This issue affects MyBookTable Bookstore: from n/a through 3.5.5...

CVE-2025-62744 WordPress Page Title Splitter plugin <= 2.5.9 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Chris Steman Page Title Splitter page-title-splitter allows Stored XSS.This issue affects Page Title Splitter: from n/a through = 2.5.9...

WordPress Web and WooCommerce Addons for WPBakery Builder plugin <= 1.5 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin Web and WooCommerce Addons for WPBakery Builder versions = 1.5...

CVE-2025-62749 WordPress User Specific Content plugin <= 1.0.6 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Bainternet User Specific Content allows DOM-Based XSS.This issue affects User Specific Content: from n/a through 1.0.6...

CVE-2025-62135 WordPress Responsive Block Control plugin <= 1.3.0 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in landwire Responsive Block Control responsive-block-control allows DOM-Based XSS.This issue affects Responsive Block Control: from n/a through = 1.3.0...

WordPress Follow My Blog Post plugin <= 2.4.0 - Arbitrary Content Deletion vulnerability

Arbitrary Content Deletion vulnerability discovered by Denver Jackson in WordPress Plugin Follow My Blog Post versions = 2.4.0...

CVE-2025-62757 WordPress WebMan Amplifier plugin <= 1.5.12 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in WebMan Design | Oliver Juhas WebMan Amplifier allows DOM-Based XSS.This issue affects WebMan Amplifier: from n/a through 1.5.12...

WordPress The Moneytizer plugin <= 10.0.9 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin The Moneytizer versions = 10.0.9...

CVE-2025-14434

The Ultimate Post Kit Addons for Elementor WordPress plugin before 4.0.16 exposes multiple AJAX “load more” endpoints such as upkalexgridloadmoreposts without ensuring that posts to be displayed are published authentication. This allows an unauthenticated attacker to query arbitrary posts and...

CVE-2025-49353

Technical details for CVE-2025-49353 (Noindex by Path) are not provided in the supplied documents; public information about affected versions, impact, and remediation is not available here. Monitor for updates.

WordPress SensitiveTagCloud plugin <= 1.4.1 - Cross Site Request Forgery (CSRF) vulnerability

Cross Site Request Forgery CSRF vulnerability discovered by Skalucy in WordPress Plugin SensitiveTagCloud versions = 1.4.1...

CVE-2025-59137 WordPress Behance Portfolio Manager plugin <= 1.7.5 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery CSRF vulnerability in eleopard Behance Portfolio Manager portfolio-manager-powered-by-behance allows Stored XSS.This issue affects Behance Portfolio Manager: from n/a through = 1.7.5...

WordPress Checkout Mestres do WP for WooCommerce plugin 8.6.5 - 8.7.5 - Unauthenticated Arbitrary Options Update vulnerability

WordPress Checkout Mestres do WP for WooCommerce plugin 8.6.5 - 8.7.5 - Unauthenticated Arbitrary Options Update vulnerability discovered by kr0d in WordPress Plugin Checkout Mestres WP versions 8.6.5-8.7.5...

WordPress Profiler - What Slowing Down Your WP plugin <= 1.0.0 - Missing Authentication to Unauthenticated Arbitrary Plugin Reactivation via State Restoration vulnerability

WordPress Profiler - What Slowing Down Your WP plugin = 1.0.0 - Missing Authentication to Unauthenticated Arbitrary Plugin Reactivation via State Restoration vulnerability discovered by ch4r0n - FPT Software in WordPress Plugin Profiler - What Slowing Down Your WP versions = 1.0.0...

WordPress Service Finder Bookings plugin < 6.1 - Authenticated (Subscriber+) Privilege Escalation via Account Takeover vulnerability

Authenticated Subscriber+ Privilege Escalation via Account Takeover vulnerability discovered by Thái An in WordPress Plugin Service Finder Booking versions 6.1...

WordPress plugin WordPress Tooltips 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to set up personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A cross-site scripti...

WordPress plugin Hotel Booking 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security vulnerabili...

WordPress GDPR Cookie Compliance plugin < 4.15.9 - Admin+ Stored XSS vulnerability

Admin+ Stored XSS vulnerability discovered by Dmitrii Ignatyev in WordPress Plugin GDPR Cookie Compliance versions 4.15.9...

WordPress GravityForms plugin 2.9.0.1 - 2.9.1.3 - Unauthenticated Stored Cross-Site Scripting via 'style_settings' parameter vulnerability

WordPress GravityForms plugin 2.9.0.1 - 2.9.1.3 - Unauthenticated Stored Cross-Site Scripting via 'stylesettings' parameter vulnerability discovered by mikemyers in WordPress Plugin Gravity Forms versions 2.9.0.1-2.9.1.3...