CVE-2025-59132

CVE-2025-59132 is a CSRF vulnerability in the WordPress plugin Duplicate Content Cure (versions

CVE-2025-62082 WordPress Generic Elements plugin <= 1.2.9 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Nasir Uddin Generic Elements generic-elements-for-elementor allows Stored XSS.This issue affects Generic Elements: from n/a through = 1.2.9...

EUVD-2025-202057

Cross-Site Request Forgery CSRF vulnerability in Strategy11 Team Business Directory business-directory-plugin allows Cross Site Request Forgery.This issue affects Business Directory: from n/a through = 6.4.19...

CVE-2025-67595

CVE-2025-67595 is a CSRF vulnerability in the WordPress plugin Quiz Maker (affected: 6.7.0.82 and earlier). Public sources (NVD, Red Hat, CVE list, Patchstack, Wordfence) corroborate a CSRF flaw that can be triggered by an authenticated actor. Current entries indicate the vulnerability has been p...

CVE-2025-67590 WordPress Ultimate FAQ plugin <= 2.4.3 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery CSRF vulnerability in Rustaurius Ultimate FAQ ultimate-faqs allows Cross Site Request Forgery.This issue affects Ultimate FAQ: from n/a through = 2.4.3...

CVE-2025-67588

CVE-2025-67588 is a missing/broken authorization vulnerability in Elementor Website Builder (Elementor) up to version 3.33.0. The Red Hat and CVE records describe a misconfigured access control that could allow unauthorized access to governed functionality. The CVSS v3.1 base score is 4.3 (Medium...

CVE-2025-67586 WordPress Highlight and Share plugin <= 5.2.0 - Broken Access Control vulnerability

Missing Authorization vulnerability in Ronald Huereca Highlight and Share highlight-and-share allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Highlight and Share: from n/a through = 5.2.0...

CVE-2025-67561 WordPress Debug Log Viewer plugin <= 2.0.3 - Broken Access Control vulnerability

Missing Authorization vulnerability in Oleksandr Lysyi Debug Log Viewer debug-log-viewer allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Debug Log Viewer: from n/a through = 2.0.3...

CVE-2025-67555

CVE-2025-67555 is an XSS vulnerability in UseStrict’s Calendly Embedder (cal-embedder-lite) for WordPress, affected versions up to and including 1.1.7.2. The Wordfence Vulnerability Report confirms this entry and classifies it as a stored cross-site scripting issue caused by improper input handli...

CVE-2025-67553 WordPress Advanced FAQ Manager plugin <= 1.5.2 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in ThemeHigh Advanced FAQ Manager advanced-faq-manager allows DOM-Based XSS.This issue affects Advanced FAQ Manager: from n/a through = 1.5.2...

CVE-2025-67553

CVE-2025-67553 affects the WordPress Advanced FAQ Manager plugin (versions

CVE-2025-67551

CVE-2025-67551 affects WordPress Wappointment plugin (

CVE-2025-67553 WordPress Advanced FAQ Manager plugin <= 1.5.2 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in ThemeHigh Advanced FAQ Manager advanced-faq-manager allows DOM-Based XSS.This issue affects Advanced FAQ Manager: from n/a through = 1.5.2...

CVE-2025-67544

CVE-2025-67544 is a stored XSS vulnerability in the WordPress plugin Shopkeeper Extender (before version 7.0). The issue stems from improper input neutralization during web page generation, enabling stored cross-site scripting. Affected product: Shopkeeper Extender

CVE-2025-67541 WordPress WP-ShowHide plugin <= 1.05 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Lester Chan WP-ShowHide wp-showhide allows Stored XSS.This issue affects WP-ShowHide: from n/a through = 1.05...

CVE-2025-67536 WordPress LearnPress plugin <= 4.2.9.4 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in ThimPress LearnPress learnpress allows Stored XSS.This issue affects LearnPress: from n/a through = 4.2.9.4...

CVE-2025-67539

CVE-2025-67539 : DOM-based XSS in WordPress plugin Select Core (Select-Themes)

CVE-2025-67533

CVE-2025-67533 is a Stored XSS in Themify Portfolio Post (Themify Portfolio Post) affecting versions up to and including 1.3.0. The vulnerability arises from improper input neutralization during web page generation, enabling an attacker to inject malicious script that can execute in an authentica...

CVE-2025-67535

CVE-2025-67535 affects the WordPress WP Maps plugin (wp-google-map-plugin)

CVE-2025-67534 WordPress Rencontre plugin <= 3.13.7 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery CSRF vulnerability in Jacques Malgrange Rencontre rencontre allows Stored XSS.This issue affects Rencontre: from n/a through = 3.13.7...