WordPress Plugin MasterStudy LMS Information Disclosure Vulnerability

WordPress is a blogging platform developed using the PHP language. The platform has the ability to set up a personal blog site on a PHP and MySQL based server.WordPress plugin is an application plugin. An information disclosure vulnerability exists in the WordPress plugin MasterStudy LMS, which...

WordPress AIO Forms plugin <= 1.3.18 - Arbitrary File Upload vulnerability

Arbitrary File Upload vulnerability discovered by tmrswrr in WordPress Plugin AIO Forms versions = 1.3.18...

WordPress Time Clock plugin <= 1.3.1 - Authenticated (Custom+) Stored Cross-Site Scripting vulnerability

Authenticated Custom+ Stored Cross-Site Scripting vulnerability discovered by Jonas Benjamin Friedli in WordPress Plugin Time Clock versions = 1.3.1...

CVE-2025-59048

OpenBao's AWS Plugin generates AWS access credentials based on IAM policies. Prior to version 0.1.1, the AWS Plugin is vulnerable to cross-account IAM role Impersonation in the AWS auth method. The vulnerability allows an IAM role from an untrusted AWS account to authenticate by impersonating a...

CVE-2025-49929

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Ultimate Blocks Ultimate Blocks ultimate-blocks allows Stored XSS.This issue affects Ultimate Blocks: from n/a through = 3.3.6...

CVE-2025-60134

Cross-Site Request Forgery CSRF vulnerability in John James Jacoby WP Media Categories wp-media-categories allows Cross Site Request Forgery.This issue affects WP Media Categories: from n/a through = 2.1.0...

CVE-2025-59048 OpenBao AWS Plugin Vulnerable to Cross-Account IAM Role Impersonation in AWS Auth Method

OpenBao's AWS Plugin generates AWS access credentials based on IAM policies. Prior to version 0.1.1, the AWS Plugin is vulnerable to cross-account IAM role Impersonation in the AWS auth method. The vulnerability allows an IAM role from an untrusted AWS account to authenticate by impersonating a...

CVE-2025-11870

The Simple Business Data plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'simplebusinessdata' shortcode attributes in all versions up to, and including, 1.0.1. This is due to the plugin not properly sanitizing user input or escaping output when embedding the type attribute...

WordPress Builderall Builder for WordPress plugin <= 3.0.1 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin Builderall Builder for WordPress versions = 3.0.1...

EUVD-2025-35546

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in WPClever WPC Countdown Timer for WooCommerce wpc-countdown-timer allows Stored XSS.This issue affects WPC Countdown Timer for WooCommerce: from n/a through = 3.1.4...

CVE-2025-49962

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in useStrict bbPress Notify bbpress-notify-nospam allows Reflected XSS.This issue affects bbPress Notify: from n/a through = 2.19.5...

CVE-2025-49947

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in extendons WooCommerce Registration Fields Plugin - Custom Signup Fields extendons-registration-fields allows Reflected XSS.This issue affects WooCommerce Registration Fields Plugin - Custom Signup...

CVE-2025-49925

Missing Authorization vulnerability in VibeThemes WPLMS wplmsplugin allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects WPLMS: from n/a through = 1.9.9.7...

CVE-2025-49911

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in wpinstinct WooCommerce Vehicle Parts Finder woo-vehicle-parts-finder allows Reflected XSS.This issue affects WooCommerce Vehicle Parts Finder: from n/a through = 3.7...

CVE-2025-62062 WordPress Easy Post Submission plugin <= 1.7.0 - Sensitive Data Exposure vulnerability

Insertion of Sensitive Information Into Sent Data vulnerability in ThemeRuby Easy Post Submission easy-post-submission allows Retrieve Embedded Sensitive Data.This issue affects Easy Post Submission: from n/a through = 1.7.0...

CVE-2025-62060 WordPress Tab Ultimate plugin <= 1.8 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Themepoints Tab Ultimate tabs-pro.This issue affects Tab Ultimate: from n/a through = 1.8...

CVE-2025-62048 WordPress SmartCrawl plugin <= 3.14.3 - Broken Access Control vulnerability

Missing Authorization vulnerability in WPMU DEV - Your All-in-One WordPress Platform SmartCrawl smartcrawl-seo.This issue affects SmartCrawl: from n/a through = 3.14.3...

CVE-2025-62042

CVE-2025-62042 is a Cross-Site Scripting (XSS) vulnerability in the WordPress plugin “Event post” (event-post) affecting versions up to and including 5.10.3. The issue stems from improper input neutralization during web page generation, enabling an attacker to inject malicious scripts. Exploitati...

CVE-2025-62024

CVE-2025-62024 describes an XSS (Cross-site Scripting) vulnerability in the WordPress plugin Pie Calendar (developer: Jonathan Jernigan) with affected versions “from n/a through

CVE-2025-62024 WordPress Pie Calendar plugin <= 1.2.9 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Jonathan Jernigan Pie Calendar pie-calendar.This issue affects Pie Calendar: from n/a through = 1.2.9...