CVE-2025-49042 WordPress WooCommerce plugin <= 10.0.2 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Automattic WooCommerce woocommerce allows Stored XSS.This issue affects WooCommerce: from n/a through = 10.0.2...

WordPress plugin Premmerce User Roles 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security vulnerabili...

Jenkins ByteGuard Build Actions Plugin 安全漏洞

Jenkins ByteGuard Build Actions Plugin is an open source pipeline validation plugin for Jenkins. A security vulnerability exists in version 1.0 of the Jenkins ByteGuard Build Actions Plugin, which stems from an unmasked API token on a job configuration form, which could lead to an attacker...

WordPress plugin Stockie Extra 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security vulnerabili...

PT-2025-44298

Name of the Vulnerable Software and Affected Versions Jenkins Publish to Bitbucket Plugin versions 0.4 and earlier Description A cross-site request forgery CSRF flaw exists in the Jenkins Publish to Bitbucket Plugin. This issue allows attackers to connect to a URL specified by the attacker,...

WordPress Auto Featured Image (Auto Post Thumbnail) plugin <= 4.1.7 - Authenticated (Author+) Server-Side Request Forgery vulnerability

Authenticated Author+ Server-Side Request Forgery vulnerability discovered by Jonas Benjamin Friedli in WordPress Plugin Auto Featured Image Auto Post Thumbnail versions = 4.1.7...

CVE-2025-62937

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Johnny Post List Featured Image post-list-featured-image allows Stored XSS.This issue affects Post List Featured Image: from n/a through = 0.5.9...

CVE-2025-62984 WordPress WP AdCenter plugin <= 2.6.1 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in WPeka WP AdCenter wpadcenter allows Stored XSS.This issue affects WP AdCenter: from n/a through = 2.6.1...

CVE-2025-62982

CVE-2025-62982 : WordPress plugin Dynamic User Directory (&lt;= v2.3) contains a stored XSS flaw due to improper input neutralization during page generation. Wordfence corroborates the CVE and notes the issue affects Dynamic User Directory

CVE-2025-62972 WordPress WebinarPress plugin <= 1.33.28 - Broken Access Control vulnerability

Missing Authorization vulnerability in WPWebinarSystem WebinarPress wp-webinarsystem allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WebinarPress: from n/a through = 1.33.28...

CVE-2025-62967 WordPress DirectoryPress plugin <= 3.6.25 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Designinvento DirectoryPress directorypress allows DOM-Based XSS.This issue affects DirectoryPress: from n/a through = 3.6.25...

CVE-2025-62957 WordPress NikanWP WooCommerce Reporting plugin <= 1.0.0 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery CSRF vulnerability in NikanWP NikanWP WooCommerce Reporting wc-reports-lite allows Stored XSS.This issue affects NikanWP WooCommerce Reporting: from n/a through = 1.0.0...

CVE-2025-62954 WordPress Revive Old Posts plugin <= 9.3.3 - Broken Access Control vulnerability

Missing Authorization vulnerability in rsocial Revive Old Posts tweet-old-post allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Revive Old Posts: from n/a through = 9.3.3...

CVE-2025-62949 WordPress Activity Plus Reloaded for BuddyPress plugin <= 1.1.2 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in BuddyDev Activity Plus Reloaded for BuddyPress bp-activity-plus-reloaded allows Stored XSS.This issue affects Activity Plus Reloaded for BuddyPress: from n/a through = 1.1.2...

CVE-2025-62941 WordPress Events Maker by dFactory plugin <= 1.6.14 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in dFactory Events Maker by dFactory events-maker allows Stored XSS.This issue affects Events Maker by dFactory: from n/a through = 1.6.14...

CVE-2025-62883

CVE-2025-62883 concerns the WordPress plugin Premmerce User Roles (versions up to and including 1.0.13). The vulnerability is described as Missing Authorization due to incorrectly configured access control security levels, enabling broken access control and potential elevation of privileges. Affe...

WordPress plugin MSTW CSV EXPORTER 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security vulnerabili...

WordPress plugin Paid Videochat Turnkey Site 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed using the PHP language, which provides the ability to host personal blog sites on PHP and MySQL based...

WordPress plugin Reloadly 跨站请求伪造漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plug-in. A cross-site...

WordPress plugin Estatik 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security...