15786 matches found
CVE-2025-49351
Cross-Site Request Forgery CSRF vulnerability in Valentin Agachi Create Posts & Terms create-posts-terms allows Stored XSS.This issue affects Create Posts & Terms: from n/a through = 1.3.1...
CVE-2025-66533
CVE-2025-66533 is an authentication‑free vulnerability in GiveWP (WordPress donation plugin) that enables arbitrary shortcode execution through GiveWP versions affected up to 4.13.1. The issue is confirmed in the Wordfence Intelligence vulnerability tracking and is categorized as Improper Control...
CVE-2025-63068
CVE-2025-63068 : Affected is the WordPress plugin Contact Form 7 Dynamic Text Extension . The issue is an improper neutralization of script-related HTML tags in the plugin, leading to a Basic XSS / Code Injection vulnerability. Affected versions are the plugin up to and including 5.0.3 (from the ...
CVE-2025-63059
CVE-2025-63059 describes a Stored XSS in the WordPress Ninja Popups plugin (arscode-ninja-popups) affecting versions up to and including 4.7.8. The vulnerability arises from improper neutralization of input during web page generation. Public documents consistently label the issue as a stored XSS;...
CVE-2025-63050 WordPress REHub Framework plugin < 19.9.9.7 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in sizam REHub Framework rehub-framework allows Stored XSS.This issue affects REHub Framework: from n/a through 19.9.9.7...
CVE-2025-63036 WordPress Ronneby Theme Core plugin <= 1.5.68 - Local File Inclusion vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in DFDevelopment Ronneby Theme Core ronneby-core allows PHP Local File Inclusion.This issue affects Ronneby Theme Core: from n/a through = 1.5.68...
CVE-2025-63030 WordPress New User Approve plugin <= 3.2.0 - Cross Site Request Forgery (CSRF) vulnerability
Cross-Site Request Forgery CSRF vulnerability in Saad Iqbal New User Approve new-user-approve allows Cross Site Request Forgery.This issue affects New User Approve: from n/a through = 3.2.0...
CVE-2025-63015
CVE-2025-63015 describes a Missing Authorization/Broken Access Control vulnerability in the Paysera Payment Gateway for WooCommerce. Public details identify the affected plugin as WooCommerce Paysera Paysera (WordPress plugin) and indicate vulnerable versions up to 3.9.0, with the issue stemming ...
CVE-2025-63023 WordPress Payment Gateway for PayPal on WooCommerce plugin <= 9.0.53 - Broken Access Control vulnerability
Missing Authorization vulnerability in Easy Payment Payment Gateway for PayPal on WooCommerce woo-paypal-gateway allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Payment Gateway for PayPal on WooCommerce: from n/a through = 9.0.53...
CVE-2025-63012
CVE-2025-63012 corresponds to a Cross-Site Request Forgery (CSRF) vulnerability in the WordPress plugin WP Hotel Booking (wp-hotel-booking). Affected versions are WP Hotel Booking
CVE-2025-63010
CVE-2025-63010 is a SSRF vulnerability reported in multiple sources affecting ThemesInflow Hercules Core (hercules-core) and the WordPress Hercules Core plugin, with versions up to and including 7.4 affected. The root cause is a server-side request forgery vulnerability that could be exploited to...
CVE-2025-62997
The connected sources confirm a vulnerability in the WordPress WP EasyCart plugin, affecting versions up to 5.8.11. The issue is described as an Information Disclosure flaw caused by insertion of sensitive information into sent data, enabling retrieval of embedded sensitive data from WP EasyCart ...
CVE-2025-62872 WordPress Social Photo Fetcher plugin <= 3.0.4 - Cross Site Request Forgery (CSRF) vulnerability
Cross-Site Request Forgery CSRF vulnerability in JK Social Photo Fetcher facebook-photo-fetcher allows Cross Site Request Forgery.This issue affects Social Photo Fetcher: from n/a through = 3.0.4...
CVE-2025-62865
CVE-2025-62865 describes a Missing Authorization (Broken Access Control) vulnerability in the WordPress Post Cloner plugin, affecting Post Cloner versions ≤ 1.0.0. The root cause is incorrectly configured access control security levels, enabling potential unauthorized access to Post Cloner functi...
CVE-2025-62735 WordPress User Spam Remover plugin <= 1.1 - Sensitive Data Exposure vulnerability
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Joel User Spam Remover user-spam-remover allows Retrieve Embedded Sensitive Data.This issue affects User Spam Remover: from n/a through = 1.1...
CVE-2025-62739 WordPress Add Custom Codes plugin <= 4.80 - Cross Site Request Forgery (CSRF) vulnerability
Cross-Site Request Forgery CSRF vulnerability in SaifuMak Add Custom Codes add-custom-codes allows Cross Site Request Forgery.This issue affects Add Custom Codes: from n/a through = 4.80...
CVE-2025-62739 WordPress Add Custom Codes plugin <= 4.80 - Cross Site Request Forgery (CSRF) vulnerability
Cross-Site Request Forgery CSRF vulnerability in SaifuMak Add Custom Codes add-custom-codes allows Cross Site Request Forgery.This issue affects Add Custom Codes: from n/a through = 4.80...
CVE-2025-62734 WordPress Media Library Downloader plugin <= 1.4.0 - Cross Site Request Forgery (CSRF) vulnerability
Cross-Site Request Forgery CSRF vulnerability in M.Code Media Library Downloader media-library-downloader allows Cross Site Request Forgery.This issue affects Media Library Downloader: from n/a through = 1.4.0...
CVE-2025-62734
CVE-2025-62734 : CSRF in WordPress plugin Media Library Downloader (versions <= 1.4.0) allows cross-site request forgery. Affected software is the Media Library Downloader plugin for WordPress; CVSS 3.1 base score 4.3 (Medium) with network attack vector, no confidentiality/availability impact,...
CVE-2025-62109 WordPress Geo Controller plugin <= 8.9.4 - Sensitive Data Exposure vulnerability
Insertion of Sensitive Information Into Sent Data vulnerability in INFINITUM FORM Geo Controller cf-geoplugin allows Retrieve Embedded Sensitive Data.This issue affects Geo Controller: from n/a through = 8.9.4...