CVE-2025-39374

CVE-2025-39374 : Cross-Site Request Forgery (CSRF) leading to Stored XSS in the WordPress plugin “Best Posts Summary” for versions up to 1.0. The CVE is documented with CVSS v3.1 base score 7.1 (HIGH) and network attack vector, low confidentiality/integrity/availability impact, and user interacti...

CVE-2025-39369

CVE-2025-39369 affects WordPress Posts for Page plugin (≤ 2.1). Root cause: improper neutralization of input during web page generation, enabling DOM-based XSS. Impact per sources: cross-site scripting with low privileges and user interaction required; affected versions are n/a through 2.1. Publi...

CVE-2025-39369 WordPress Posts for Page plugin <= 2.1 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in sihibbs Posts for Page posts-for-page allows DOM-Based XSS.This issue affects Posts for Page: from n/a through = 2.1...

CVE-2025-39369 WordPress Posts for Page plugin <= 2.1 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in sihibbs Posts for Page allows DOM-Based XSS.This issue affects Posts for Page: from n/a through 2.1...

PT-2025-22027 · Unknown · Sihibbs Posts For Page

Name of the Vulnerable Software and Affected Versions: sihibbs Posts for Page versions n/a through 2.1 Description: The issue is related to an Improper Neutralization of Input During Web Page Generation, also known as 'Cross-site Scripting', which allows DOM-Based XSS. This means that an attacker...

CVE-2025-4885

creationtimestamp| type| source ---|---|--- 2025-05-18 15:55:07+00:00| seen| https://bsky.app/profile/2rZiKKbOU3nTafniR2qMMSE0gwZ.activitypub.awakari.com.ap.brid.gy/post/3lphg6qvn75c2 2025-05-18 17:12:50+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3lphkjyf2ls2h...

CVE-2025-4874

creationtimestamp| type| source ---|---|--- 2025-05-18 12:53:14+00:00| seen| https://bsky.app/profile/2rZiKKbOU3nTafniR2qMMSE0gwZ.activitypub.awakari.com.ap.brid.gy/post/3lph3y4yjose2 2025-05-18 13:08:39+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3lph4ve4s552h...

CVE-2024-12767

The buddyboss-platform WordPress plugin before 2.7.60 lacks proper access controls and allows a logged-in user to view comments on private posts...

CVE-2024-10639

The Auto Prune Posts WordPress plugin before 3.0.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

CVE-2025-30072

creationtimestamp| type| source ---|---|--- 2025-05-17 04:23:10+00:00| seen| https://schleuss.online/users/vulnbot/statuses/114521262474751027 2025-05-17 04:55:04+00:00| seen| https://bsky.app/profile/nimblenerd.social/post/3lpdqtu6ltw24 2025-05-17 04:55:23+00:00| seen|...

WordPress Auto Prune Posts plugin < 3.0.0 - Admin+ Stored XSS vulnerability

Admin+ Stored XSS vulnerability discovered by Bob Matyas in WordPress Plugin Auto Prune Posts versions 3.0.0...

Beware! A threat actor could steal the titles of your private (and draft) WordPress posts with this new vulnerability!

As of today, almost a billion sites have been built using WordPress, powering businesses and organizations of all sizes. That makes any newly discovered vulnerability especially concerning—like the one recently found and reported by Imperva researchers, which could affect any WordPress site. In...

CVE-2025-48174

creationtimestamp| type| source ---|---|--- 2025-05-16 05:34:37+00:00| published-proof-of-concept| https://t.me/DarkWebInformerCVEAlerts/16629 2025-08-17 20:17:34+00:00| seen| https://bsky.app/profile/ferramentaslinux.bsky.social/post/3lwmpc3422c2w 2025-08-17 20:34:08+00:00| seen|...

CVE-2025-4169 Posts per Cat [Unmaintained] <= 1.4.2 - Authenticated (Contributor+) Stored Cross-Site Scripting

The Posts per Cat Unmaintained plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'ppc' shortcode in all versions up to, and including, 1.4.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

WordPress plugin Posts per Cat 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists in...

CVE-2024-12767

The buddyboss-platform WordPress plugin before 2.7.60 lacks proper access controls and allows a logged-in user to view comments on private posts...

CVE-2024-12767

The buddyboss-platform WordPress plugin before 2.7.60 lacks proper access controls and allows a logged-in user to view comments on private posts...

CVE-2024-10639

The Auto Prune Posts WordPress plugin before 3.0.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

CVE-2024-12767

The CVE concerns the buddyboss-platform WordPress plugin prior to 2.7.60. Affected: buddyboss-platform

CVE-2024-0249 Advanced Schedule Posts <= 2.1.8 - Reflected XSS

The Advanced Schedule Posts WordPress plugin through 2.1.8 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admins...