CVE-2025-66091 WordPress Stylish Cost Calculator plugin <= 8.1.5 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Design Stylish Cost Calculator stylish-cost-calculator allows DOM-Based XSS.This issue affects Stylish Cost Calculator: from n/a through = 8.1.5...

CVE-2025-66081 WordPress Head Meta Data plugin <= 20250327 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Jeff Starr Head Meta Data head-meta-data allows Stored XSS.This issue affects Head Meta Data: from n/a through = 20250327...

CVE-2025-66066 WordPress Envo Extra plugin <= 1.9.11 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in EnvoThemes Envo Extra envo-extra allows Stored XSS.This issue affects Envo Extra: from n/a through = 1.9.11...

CVE-2025-66059

CVE-2025-66059 affects WordPress plugin Seriously Simple Podcasting (&lt;= 3.13.0). The vulnerability is an unauthenticated information disclosure that allows retrieval of embedded sensitive data, as indicated by the CVSS 3.1 vector (AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N) with a base score of 5.3. ...

EUVD-2025-198480

Cross-Site Request Forgery CSRF vulnerability in Craig Hewitt Seriously Simple Podcasting seriously-simple-podcasting allows Cross Site Request Forgery.This issue affects Seriously Simple Podcasting: from n/a through = 3.13.0...

CVE-2025-66061

CVE-2025-66061 is a CSRF vulnerability in WordPress plugin Seriously Simple Podcasting (

CVE-2025-66056 WordPress Uncanny Automator plugin < 6.10.0 - Sensitive Data Exposure vulnerability

Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Uncanny Owl Uncanny Automator uncanny-automator allows Retrieve Embedded Sensitive Data.This issue affects Uncanny Automator: from n/a through 6.10.0...

WordPress SupportCandy plugin <= 3.4.1 - Cross Site Request Forgery (CSRF) vulnerability

Cross Site Request Forgery CSRF vulnerability discovered by daroo in WordPress Plugin SupportCandy versions = 3.4.1...

CVE-2025-12039 BigBuy Dropshipping Connector for WooCommerce <= 2.0.5 - Unauthenticated IP Spoofing to phpinfo() Exposure

The BigBuy Dropshipping Connector for WooCommerce plugin for WordPress is vulnerable to IP Address Spoofing in all versions up to, and including, 2.0.5 due to insufficient IP address validation and use of user-supplied HTTP headers as a primary method for IP retrieval. This makes it possible for...

CVE-2025-11763

The Display Pages Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'columncount' parameter in the display-pages shortcode in all versions up to, and including, 1.1. This is due to insufficient input sanitization and output escaping. This makes it possible for...

CVE-2025-11802

Summary of CVE-2025-11802. The Bulma Shortcodes plugin for WordPress is affected by a Stored Cross-Site Scripting (XSS) vulnerability via the type attribute of the bulma-notification shortcode. This applies to all versions up to and including 1.0. authenticated attackers with Contributor+ privile...

CVE-2025-11456

CVE-2025-11456 affects the ELEX WordPress HelpDesk & Customer Ticketing System plugin for WordPress. The vulnerability is an unauthenticated arbitrary file upload due to missing file-type validation in the eh_crm_new_ticket_post() function across all versions up to and including 3.3.1. The issue ...

CVE-2025-11770

The BrightTALK WordPress Shortcode plugin (WordPress) is vulnerable to Stored Cross-Site Scripting via the format attribute of the brighttalk-time shortcode in all versions up to 2.4.0. The issue arises from insufficient input sanitization and output escaping, allowing authenticated attackers wit...

WordPress TI WooCommerce Wishlist plugin <= 2.10.0 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Bao - BlueRock in WordPress Plugin TI WooCommerce Wishlist versions = 2.10.0...

WordPress plugin Shortcodes Bootstrap 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A cross-site scripting...

WordPress plugin Featured Post Creative 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security vulnerability...

WordPress plugin Islamic Phrases 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blogging sites on PHP and MySQL based servers.WordPress plugin is an application plugin... A cross-site...

WordPress plugin Padlet Shortcode 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A cross-site scripting...

WordPress plugin 简数采集器 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security...

WordPress plugin Tiktok Feed 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to set up personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security...