
15796 matches found

CVE
added 2025/10/22 2:32 p.m. | 5 views

CVE-2025-53234

CVE-2025-53234 is a reflected Cross‑Site Scripting (XSS) vulnerability in AndonDesign UDesign Core for WordPress, affecting Core/UDesign Core versions up to and including 4.14.0. The root cause is improper neutralization of user input during web page generation, allowing injected scripts via vuln...

CVSS 7.1 | AI score 6 | EPSS 0.0003
Exploits: 0 | References: 1

CVE
added 2025/10/22 2:32 p.m. | 7 views

CVE-2025-52770

CVE-2025-52770 concerns the WordPress Hello Followers plugin (versions up to and including 2.5). The vulnerability is a reflected Cross-Site Scripting (XSS) caused by improper input neutralization during web page generation. Affected component: Hellofollowers plugin; root cause: improper handling...

CVSS 7.1 | AI score 6 | EPSS 0.0003
Exploits: 0 | References: 1

CVE
added 2025/10/22 2:32 p.m. | 6 views

CVE-2025-52743

CVE-2025-52743 describes a Reflected XSS in the WordPress plugin oik-privacy-policy (bobbingwide) with vulnerable versions up to 1.4.9 per the CVE/NVD/Red Hat entries. Public sources also indicate a remediation path: update to a version greater than 1.4.9 (PatchStack references 1.4.10 and beyond)...

CVSS 7.1 | AI score 5.9 | EPSS 0.00075
Exploits: 0 | References: 1

Vulnrichment
added 2025/10/22 2:32 p.m. | 3 views

CVE-2025-52738 WordPress Wikipedia Preview plugin <= 1.15.0 - Broken Access Control vulnerability

Missing Authorization vulnerability in Wikimedia Foundation Wikipedia Preview wikipedia-preview allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Wikipedia Preview: from n/a through <= 1.15.0...

CVSS 6.5 | AI score 5.1 | EPSS 0.00063
Exploits: 0 | References: 1

Cvelist
added 2025/10/22 2:32 p.m. | 6 views

CVE-2025-52736 WordPress Finale Lite Plugin <= 2.20.0 - Cross Site Scripting (XSS) Vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Daman Jeet Finale Lite finale-woocommerce-sales-countdown-timer-discount allows Reflected XSS. This issue affects Finale Lite: from n/a through <= 2.20.0...

CVSS 7.1 | EPSS 0.0003
Exploits: 0 | References: 1

Cvelist
added 2025/10/22 2:32 p.m. | 10 views

CVE-2025-52735 WordPress NextMove Lite plugin <= 2.24.0 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in XLPlugins NextMove Lite woo-thank-you-page-nextmove-lite allows Reflected XSS. This issue affects NextMove Lite: from n/a through <= 2.24.0...

CVSS 7.1 | EPSS 0.00012
Exploits: 0 | References: 1

Vulnrichment
added 2025/10/22 2:32 p.m. | 2 views

CVE-2025-49945 WordPress Shortcode Generator plugin <= 1.1 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in kylegetson Shortcode Generator shortcode-generator allows Reflected XSS. This issue affects Shortcode Generator: from n/a through <= 1.1...

CVSS 7.1 | AI score 6 | EPSS 0.00029
Exploits: 0 | References: 1

CVE
added 2025/10/22 2:32 p.m. | 11 views

CVE-2025-49938

CVE-2025-49938 is a stored Cross-Site Scripting (XSS) vulnerability in CrocoBlock JetEngine (WordPress plugin) up to version 3.7.3. The issue stems from improper input neutralization during web page generation. Impact is consistent with stored XSS on JetEngine pages, with CVSS 3.1 base score 6.5 ...

CVSS 6.5 | AI score 5.9 | EPSS 0.00075
Exploits: 0 | References: 1

Vulnrichment
added 2025/10/22 2:32 p.m. | 2 views

CVE-2025-49933 WordPress JetBlog plugin <= 2.4.4 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Crocoblock JetBlog jet-blog allows Reflected XSS. This issue affects JetBlog: from n/a through <= 2.4.4...

CVSS 6.5 | AI score 5.2 | EPSS 0.00075
Exploits: 0 | References: 1

CVE
added 2025/10/22 2:32 p.m. | 20 views

CVE-2025-49931

Summary: CVE-2025-49931 affects CrocoBlock JetSearch (JetSearch) WordPress plugin versions through 3.5.10. The flaw is an improper neutralization of special elements in SQL commands, enabling Blind SQL Injection. Affected component is the JetSearch PHP/SQL handling path (the credentialed root cau...

CVSS 9.3 | AI score 5.9 | EPSS 0.00034
Exploits: 0 | References: 1

CVE
added 2025/10/22 2:32 p.m. | 4 views

CVE-2025-49922

The CVE-2025-49922 entry concerns the WordPress WPeMatico RSS Feed Fetcher plugin (

CVSS 4.3 | AI score 6.6 | EPSS 0.00036
Exploits: 0 | References: 1

CVE
added 2025/10/22 2:32 p.m. | 7 views

CVE-2025-49921

CVE-2025-49921 describes a Local File Inclusion (LFI) in the WordPress JetReviews plugin ≤ 3.0.0 due to improper control of the filename in include/require statements, enabling potential local file exposure. The issue affects JetReviews versions up to 3.0.0. Remediation recommended: update JetRe...

CVSS 7.5 | AI score 5.9 | EPSS 0.00117
Exploits: 0 | References: 1

Vulnrichment
added 2025/10/22 2:32 p.m. | 1 view

CVE-2025-49906 WordPress WPComplete plugin <= 2.9.5.3 - Broken Access Control vulnerability

Missing Authorization vulnerability in StellarWP WPComplete wpcomplete allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects WPComplete: from n/a through <= 2.9.5.3...

CVSS 5.3 | AI score 6.6 | EPSS 0.00058
Exploits: 0 | References: 1

Vulnrichment
added 2025/10/22 2:32 p.m. | 2 views

CVE-2025-49377 WordPress Hydra Booking plugin <= 1.1.9 - Broken Access Control vulnerability

Missing Authorization vulnerability in Themefic Hydra Booking hydra-booking allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Hydra Booking: from n/a through <= 1.1.9...

CVSS 6.3 | AI score 6.6 | EPSS 0.0005
Exploits: 0 | References: 1

Cvelist
added 2025/10/22 2:32 p.m. | 7 views

CVE-2025-49377 WordPress Hydra Booking plugin <= 1.1.9 - Broken Access Control vulnerability

Missing Authorization vulnerability in Themefic Hydra Booking hydra-booking allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Hydra Booking: from n/a through <= 1.1.9...

CVSS 6.3 | EPSS 0.0005
Exploits: 0 | References: 1

Vulnrichment
added 2025/10/22 2:32 p.m. | 1 view

CVE-2025-49373 WordPress Evergreen Content Poster plugin <= 1.4.5 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery CSRF vulnerability in Evergreen Content Poster Evergreen Content Poster evergreen-content-poster allows Cross Site Request Forgery. This issue affects Evergreen Content Poster: from n/a through <= 1.4.5...

CVSS 4.3 | AI score 6.5 | EPSS 0.00015
Exploits: 0 | References: 1

CVE
added 2025/10/22 2:32 p.m. | 5 views

CVE-2025-48091

CVE-2025-48091 affects WordPress AnyComment plugin up to version 0.3.6. Multiple connected sources (CNVD-2025-25836, RH:CVE-2025-48091, PT-2025-43154) attribute SQL Injection to improper neutralization of external SQL elements in AnyComment, enabling arbitrary SQL execution and potential data exp...

CVSS 8.5 | AI score 7.3 | EPSS 0.00037
Exploits: 0 | References: 1

Cvelist
added 2025/10/22 2:32 p.m. | 7 views

CVE-2025-48092 WordPress Fix Multiple Redirects plugin <= 1.2.3 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in jurajpuchky Fix Multiple Redirects fix-multiple-redirects allows Reflected XSS. This issue affects Fix Multiple Redirects: from n/a through <= 1.2.3...

CVSS 7.1 | EPSS 0.0003
Exploits: 0 | References: 1

Vulnrichment
added 2025/10/22 2:32 p.m. | 1 view

CVE-2025-48091 WordPress AnyComment plugin <= 0.3.6 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Alexander AnyComment anycomment allows SQL Injection. This issue affects AnyComment: from n/a through <= 0.3.6...

CVSS 8.5 | AI score 7.3 | EPSS 0.00037
Exploits: 0 | References: 1

Cvelist
added 2025/10/22 2:32 p.m. | 6 views

CVE-2025-39534 WordPress Terms Dictionary Plugin <= 1.5.1 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Somonator Terms Dictionary terms-dictionary allows Reflected XSS. This issue affects Terms Dictionary: from n/a through <= 1.5.1...

CVSS 7.1 | EPSS 0.0003
Exploits: 0 | References: 1