CVE-2025-22727

CVE-2025-22727 is an authenticated Stored XSS vulnerability in MailChimp Subscribe Forms (WordPress) plugins, affecting versions up to 4.1. Public sources (Red Hat/Wordfence) indicate the issue has a CVSS v3.1 base score of 6.5 (AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L) and that a patch has been issue...

PT-2025-4652 · Unknown · Pluginops Mailchimp Subscribe Forms

Name of the Vulnerable Software and Affected Versions: PluginOps MailChimp Subscribe Forms versions prior to 4.1 Description: The issue is related to improper neutralization of input during web page generation, which allows for stored Cross-site Scripting XSS. This means an attacker can inject...

CVE-2024-43211

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in PluginOps MailChimp Subscribe Forms allows Stored XSS.This issue affects MailChimp Subscribe Forms : from n/a through 4.0.9.9...

CVE-2024-43211

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in PluginOps MailChimp Subscribe Forms allows Stored XSS.This issue affects MailChimp Subscribe Forms : from n/a through 4.0.9.9...

CVE-2024-43211

CVE-2024-43211 is a Stored XSS vulnerability in the WordPress plugin MailChimp Subscribe Forms (versions up to and including 4.0.9.9; affected versions are listed as n/a through 4.0.9.9). The issue stems from improper neutralization of input during web page generation. Impact is described as cros...

PT-2024-30374 · Pluginops · Pluginops Mailchimp Subscribe Forms

Name of the Vulnerable Software and Affected Versions: PluginOps MailChimp Subscribe Forms versions n/a through 4.0.9.9 Description: The issue is related to improper neutralization of input during web page generation, also known as Cross-site Scripting XSS. This allows for Stored XSS attacks...

CVE-2024-43345

Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in PluginOps Landing Page Builder allows PHP Local File Inclusion.This issue affects Landing Page Builder: from n/a through 1.5.2.0...

CVE-2024-43345

CVE-2024-43345 is a path traversal PHP Local File Inclusion in Landing Page Builder for WordPress. Affected: Landing Page Builder variants from n/a to 1.5.2.0. Cause: improper limitation of a pathname to restricted directories. Access: authenticated (Editor+). Remediation: patch exists (per the c...

CVE-2024-34752 WordPress Landing Page Builder <= 1.5.1.8 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in PluginOps Landing Page Builder allows Reflected XSS.This issue affects Landing Page Builder: from n/a through 1.5.1.8...

CVE-2024-34752

CVE-2024-34752 corresponds to a Reflected XSS in Landing Page Builder for WordPress. The initial description and Red Hat/Wordfence references confirm: vulnerability is due to improper neutralization of input during web page generation, enabling Reflected XSS; affected software is Landing Page Bui...

PT-2024-26159 · Unknown · Pluginops Landing Page Builder

Name of the Vulnerable Software and Affected Versions: PluginOps Landing Page Builder versions through 1.5.1.8 Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting XSS. This allows for Reflected XSS. Recommendations:...

CVE-2024-31923

Cross-Site Request Forgery CSRF vulnerability in PluginOps Feather Login Page.This issue affects Feather Login Page: from n/a through 1.1.5...

CVE-2024-31923

CVE-2024-31923 covers a CSRF vulnerability in Feather Login Page for WordPress. The connected documents specify the issue as a Cross-Site Request Forgery via saveData() affecting Feather Login Page versions up to 1.1.5 (no exact minimum version provided in the sources). The CVSS vector in the Ini...

CVE-2024-31923 WordPress Feather Login Page plugin <= 1.1.5 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery CSRF vulnerability in PluginOps Feather Login Page.This issue affects Feather Login Page: from n/a through 1.1.5...

PT-2024-24286 · Pluginops · Pluginops Feather Login Page

Name of the Vulnerable Software and Affected Versions: PluginOps Feather Login Page versions 1.1.5 and earlier Description: The issue is a Cross-Site Request Forgery CSRF vulnerability in the PluginOps Feather Login Page. This type of vulnerability allows an attacker to trick a user into performi...

CVE-2024-30452

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in PluginOps Landing Page Builder allows Stored XSS.This issue affects Landing Page Builder: from n/a through 1.5.1.7...

CVE-2024-30452

CVE-2024-30452 affects the Landing Page Builder (PluginOps) for WordPress, with a Stored XSS in input during web page generation (improper neutralization). Affected version range: from n/a through 1.5.1.7. Root cause as per description: improper neutralization of input leading to cross-site scrip...

PT-2024-23381 · Unknown · Pluginops Landing Page Builder

Name of the Vulnerable Software and Affected Versions: PluginOps Landing Page Builder versions 1.5.1.7 and earlier Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting, which allows Stored XSS. This means that an...

CVE-2023-32517

URL Redirection to Untrusted Site 'Open Redirect' vulnerability in PluginOps MailChimp Subscribe Form, Optin Builder, PopUp Builder, Form Builder.This issue affects MailChimp Subscribe Form, Optin Builder, PopUp Builder, Form Builder: from n/a through 4.0.9.3...

CVE-2023-32517

CVE-2023-32517 is an Open Redirect vulnerability in PluginOps MailChimp Subscribe Form, Optin Builder, PopUp Builder, and Form Builder for WordPress. Affected versions are up to and including 4.0.9.3 (vendor/product: MailChimp Subscribe Forms plugins). The root cause is an untrusted URL redirecti...