15788 matches found
WordPress plugin Pie Forms for WP Code Issue Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers. WordPress plugin is an application plugin. A code issue...
PT-2025-47248
Name of the Vulnerable Software and Affected Versions: VK All in One Expansion Unit plugin for WordPress versions prior to 9.112.1. Description: The software is susceptible to Stored Cross-Site Scripting through the veu custom css parameter. Insufficient input sanitization and output escaping on the...
WordPress plugin everviz Cross-Site Scripting Vulnerability
WordPress everviz plugin is an interactive chart, map and table generator for the WordPress platform that allows you to quickly create visual content without programming skills. WordPress everviz plugin suffers from a cross-site scripting vulnerability that stems from the application's lack of...
WordPress plugin Like-it Cross-Site Request Forgery Vulnerability
WordPress Like-it plugin is an extension to add like-it functionality to WordPress blogs, allowing users to perform like-it operations on posts or comments. The WordPress Like-it plugin suffers from a cross-site request forgery vulnerability, which arises from a web application that does not...
WordPress Broken Link Checker by AIOSEO plugin <= 1.2.5 - Missing Authorization to Authenticated (Contributor+) Arbitrary Post Trashing vulnerability
Missing Authorization to Authenticated (Contributor+) Arbitrary Post Trashing vulnerability discovered by Lucas Montes Nirox in WordPress Plugin Broken Link Checker versions <= 1.2.5...
WordPress Download Panel plugin <= 1.3.3 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Plugin Settings Modification vulnerability
Missing Authorization to Authenticated (Subscriber+) Arbitrary Plugin Settings Modification vulnerability discovered by Ivan Cese in WordPress Plugin Download Panel Biggiko Team versions <= 1.3.3...
WordPress ArtiBot Free Chat Bot for WebSites plugin <= 1.1.7 - Reflected Cross-Site Scripting via PostMessage vulnerability
Reflected Cross-Site Scripting via PostMessage vulnerability discovered by Nicolai Hellesnes nico in WordPress Plugin ArtiBot versions <= 1.1.7...
WordPress CSV to SortTable plugin <= 4.2 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability discovered by Ivan Cese in WordPress Plugin CSV to SortTable versions <= 4.2...
CVE-2025-7711
CVE-2025-7711 affects The Classified Listing – Classified ads & Business Directory Plugin for WordPress. The vulnerability arises from improper validation before do_shortcode, enabling authenticated users with Subscriber+ privileges to execute arbitrary shortcodes via listing descriptions. Affect...
WordPress Contact Form Email plugin <= 1.3.58 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by daroo in WordPress Plugin Contact Form Email versions <= 1.3.58...
CVE-2025-55073
Mattermost versions 10.11.x <= 10.11.3, 10.5.x <= 10.5.11, 10.12.x <= 10.12.0 fail to validate the relationship between the post being updated and the MSTeams plugin OAuth flow which allows an attacker to edit arbitrary posts via a crafted MSTeams plugin OAuth redirect URL...
WordPress Appointment Booking Calendar plugin <= 1.3.95 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by daroo in WordPress Plugin Appointment Booking Calendar versions <= 1.3.95...
EUVD-2025-186555
Mattermost versions 10.11.x <= 10.11.3, 10.5.x <= 10.5.11, 10.12.x <= 10.12.0 fail to validate the relationship between the post being updated and the MSTeams plugin OAuth flow which allows an attacker to edit arbitrary posts via a crafted MSTeams plugin OAuth redirect URL...
WordPress Plugin Chart Expert Cross-Site Scripting Vulnerability
WordPress is a blogging platform developed using the PHP language. The platform has the ability to set up a personal blog site on a PHP and MySQL based server. WordPress plugin is an application plugin. A cross-site scripting vulnerability exists in the WordPress plugin Chart Expert, which stems...
WordPress Plugin Auto Amazon Links - Amazon Associates Affiliate Arbitrary File Read Vulnerability
WordPress is a blogging platform developed using the PHP language. The platform has the ability to set up a personal blog site on a PHP and MySQL based server. WordPress plugin is an application plugin. An arbitrary file read vulnerability exists in the WordPress plugin Auto Amazon Links - Amazon...
CVE-2025-64379
Missing Authorization vulnerability in Pluggabl Booster for WooCommerce woocommerce-jetpack allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Booster for WooCommerce: from n/a through <= 7.4.0...
CVE-2025-64381 WordPress Booking Calendar plugin <= 10.14.7 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in wpdevelop Booking Calendar booking allows Stored XSS. This issue affects Booking Calendar: from n/a through <= 10.14.7...
CVE-2025-64369
The CVE refers to WordPress Plugin Contact Form Email
CVE-2025-64277 WordPress ChatBot plugin <= 7.3.9 - Broken Access Control vulnerability
Missing Authorization vulnerability in QuantumCloud ChatBot chatbot allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects ChatBot: from n/a through <= 7.3.9...
CVE-2025-64275
CVE-2025-64275 affects the WordPress Booking Manager plugin. A Stored Cross-Site Scripting (XSS) flaw arises from improper input neutralization during web page generation in Booking Manager versions up to and including 2.1.17. Exploitation could allow injected scripts to run in pages viewed by ot...