EUVD-2025-205256

Missing Authorization vulnerability in FolioVision FV Simpler SEO fv-all-in-one-seo-pack allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects FV Simpler SEO: from n/a through = 1.9.6...

CVE-2025-68602 WordPress Accept Donations with PayPal plugin <= 1.5.2 - Open Redirection vulnerability

URL Redirection to Untrusted Site 'Open Redirect' vulnerability in Scott Paterson Accept Donations with PayPal & Stripe easy-paypal-donation allows Phishing.This issue affects Accept Donations with PayPal & Stripe: from n/a through = 1.5.2...

CVE-2025-68573 WordPress Simple Keyword to Link plugin <= 1.5 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery CSRF vulnerability in Alessandro Piconi Simple Keyword to Link simple-keyword-to-link allows Cross Site Request Forgery.This issue affects Simple Keyword to Link: from n/a through = 1.5...

CVE-2025-68573

CVE-2025-68573 is described as a Cross-Site Request Forgery (CSRF) vulnerability in the WordPress plugin Simple Keyword to Link (simple-keyword-to-link). The Initial document states affected range as “Simple Keyword to Link: from n/a through

CVE-2025-68567 WordPress My auctions allegro plugin <= 3.6.33 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery CSRF vulnerability in wphocus My auctions allegro my-auctions-allegro-free-edition allows Cross Site Request Forgery.This issue affects My auctions allegro: from n/a through = 3.6.33...

CVE-2025-67625 WordPress Trade Runner plugin <= 3.14 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery CSRF vulnerability in tmtraderunner Trade Runner traderunner allows Cross Site Request Forgery.This issue affects Trade Runner: from n/a through = 3.14...

CVE-2025-67622

Technical details for CVE-2025-67622 are not provided in the supplied documents. Monitor for updates from official advisories; current data mentions CSRF and Stored XSS claims but lacks concrete product/version/impact details.

CVE-2023-36525 WordPress WPJobBoard plugin <= 5.9.0 - Unauth. Blind SQL Injection (SQLi) vulnerability

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in WPJobBoard allows Blind SQL Injection.This issue affects WPJobBoard: from n/a through 5.9.0...

CVE-2025-68529

Technical details for CVE-2025-68529 are not provided in the supplied connected documents. Current information confirms CSRF vulnerability in WP Email Capture

CVE-2025-68516

CVE-2025-68516: WordPress Tablesome plugin

CVE-2025-68497

The CVE-2025-68497 entry covers a Stored XSS vulnerability in Brainstorm Force Astra Widgets (astra-widgets) affecting versions up to 1.2.16. The root cause is improper neutralization/escaping of user-supplied input during web page generation, enabling arbitrary scripts to be injected into pages ...

WordPress plugin Vimeotheque 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress plugin is an application plugin. WordPress Vimeotheque suffers from a cross-site request forgery vulnerability for which no detailed vulnerability details are currently available...

WordPress plugin H5P 安全漏洞

WordPress H5P plugin is an open source plugin that allows users to create, manage and embed interactive multimedia content in WordPress websites. A lack of authorization vulnerability exists in WordPress H5P plugin, which can be exploited by an attacker to cause the exploitation of misconfigured...

WordPress plugin YouTube Embed 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security...

PT-2025-53287

Name of the Vulnerable Software and Affected Versions Embeds For YouTube Plugin Support YouTube Embed versions through 5.4 Description The YouTube Embed plugin contains a flaw related to improper input handling during web page generation, leading to a Cross-site Scripting XSS condition. This allo...

CVE-2025-68559

TheGem Theme Elements (for Elementor) WordPress plugin is vulnerable to Cross‑Site Scripting (XSS) due to improper input neutralization during web page generation. Affected versions are up to 5.10.5.1. Risk is mitigated by upgrading to a version later than 5.10.5.1, per multiple sources describin...

CVE-2025-14155 Premium Addons for Elementor <= 4.11.53 - Missing Authorization to Unauthenticated Sensitive Information Exposure via 'get_template_content'

The Premium Addons for Elementor – Powerful Elementor Templates & Widgets plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'gettemplatecontent' function in all versions up to, and including, 4.11.53. This makes it possible for...

WordPress plugin VPSUForm 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security...

WordPress plugin WPBulky SQL注入漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform has the ability to set up personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. WordPress...

WordPress plugin Chakra test 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress plugin is an application plugin. A lack of authorization vulnerability exists in the WordPress Chakra test plugin, which can be exploited by an attacker to cause the exploitation of a misconfigured access contr...