6193 matches found
CVE-2025-1453 Category Posts Widget < 4.9.20 - Admin+ Stored XSS
The Category Posts Widget WordPress plugin before 4.9.20 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)...
CVE-2025-1453
CVE-2025-1453 refers to WordPress plugin Category Posts Widget (versions before 4.9.20). The vulnerability arises from insufficient sanitisation/escaping of certain settings, enabling Stored XSS by high-privilege users (e.g., admins) even when unfiltered_html is disallowed (e.g., multisite). Conn...
WordPress plugin Category Posts Widget security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability exists in th...
PT-2025-17824 · Unknown · Alphasis Related Posts Via Taxonomies
Name of the Vulnerable Software and Affected Versions: alphasis Related Posts via Taxonomies versions n/a through 1.0.1
Description: The issue is a Cross-Site Request Forgery (CSRF) vulnerability that allows Stored XSS. This means an attacker can trick a user into performing unintended actions on a...
CVE-2025-3529
creationtimestamp| type| source
---|---|---
2025-04-23 09:20:02+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3lnhuhjjesl2h
2025-04-23 09:48:51+00:00| seen| https://mastodon.social/users/CyberSignaler/statuses/114386647651425453
2025-04-23 12:48:31+00:00| seen|...
CVE-2024-11299
The Memberpress plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.11.37 via the WordPress core search feature. This makes it possible for unauthenticated attackers to extract sensitive data from posts that have been restricted to...
CVE-2025-46227
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Brecht Custom Related Posts allows Stored XSS. This issue affects Custom Related Posts: from n/a through 1.7.4...
CVE-2025-46227
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Brecht Custom Related Posts custom-related-posts allows Stored XSS. This issue affects Custom Related Posts: from n/a through <= 1.7.4...
CVE-2025-46227 WordPress Custom Related Posts plugin <= 1.7.4 - Cross Site Scripting (XSS) Vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Brecht Custom Related Posts custom-related-posts allows Stored XSS. This issue affects Custom Related Posts: from n/a through <= 1.7.4...
CVE-2025-46227
CVE-2025-46227 is a Cross-Site Scripting (XSS) vulnerability in the Brecht Custom Related Posts WordPress plugin. The issue is an improper neutralization of input during web page generation, enabling stored XSS. Affected versions are up to and including 1.7.4 (n/a through 1.7.4). The vulnerabilit...
CVE-2024-58250
creationtimestamp| type| source
---|---|---
2025-04-22 01:02:25+00:00| seen| https://t.me/DarkWebInformerCVEAlerts/12776
2025-04-22 03:04:27+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3lneoz2r3lz2l
2025-04-22 03:48:18+00:00| seen|...
PT-2025-17494 · Unknown · Brecht Custom Related Posts
Name of the Vulnerable Software and Affected Versions: Brecht Custom Related Posts versions n/a through 1.7.4
Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting, which allows Stored XSS. This means that an attacker...
PT-2025-17519 · WordPress · Memberpress
Name of the Vulnerable Software and Affected Versions: Memberpress plugin for WordPress versions up to, and including, 1.11.37
Description: The issue allows unauthenticated attackers to extract sensitive data from restricted posts, such as those limited to higher-level roles like administrators,...
CVE-2025-28367
creationtimestamp| type| source
---|---|---
2025-04-21 18:59:09+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3lndtv7gvng2c
2025-04-21 19:49:41+00:00| seen| https://t.me/cvedetector/23453
2025-04-22 05:44:47+00:00| confirmed|...
CVE-2025-3857
creationtimestamp| type| source
---|---|---
2025-04-21 16:02:52+00:00| published-proof-of-concept| https://t.me/DarkWebInformerCVEAlerts/12688
2025-04-21 18:31:51+00:00| published-proof-of-concept| Telegram/5EJUZnGupE7gi7RJmr2FV0ZRgpmrRFRfEIarwGmxg4P8ExE
2025-04-21 18:59:10+00:00| seen|...
CVE-2025-29660
creationtimestamp| type| source
---|---|---
2025-04-21 15:02:51+00:00| published-proof-of-concept| https://t.me/DarkWebInformerCVEAlerts/12669
2025-04-21 16:04:33+00:00| seen| https://infosec.exchange/users/cR0w/statuses/114376800501667579
2025-04-21 16:13:56+00:00| seen|...
CVE-2025-3825
creationtimestamp| type| source
---|---|---
2025-04-20 11:58:07+00:00| seen| https://bsky.app/profile/2rZiKKbOU3nTafniR2qMMSE0gwZ.activitypub.awakari.com.ap.brid.gy/post/3lnalvb6v6la2
2025-04-20 12:01:14+00:00| published-proof-of-concept| https://t.me/DarkWebInformerCVEAlerts/12612
2025-04-20...
CVE-2025-3820
creationtimestamp| type| source
---|---|---
2025-04-19 17:53:32+00:00| seen| https://infosec.exchange/users/vuldb/statuses/114365904488230965
2025-04-19 20:59:58+00:00| published-proof-of-concept| https://t.me/DarkWebInformerCVEAlerts/12597
2025-04-19 23:48:24+00:00| seen|...
CVE-2025-2010
creationtimestamp| type| source
---|---|---
2025-04-19 02:59:06+00:00| seen| https://t.me/DarkWebInformerCVEAlerts/12558
2025-04-19 03:06:50+00:00| seen| https://bsky.app/profile/2rZiKKbOU3nTafniR2qMMSE0gwZ.activitypub.awakari.com.ap.brid.gy/post/3ln55ovf3sxo2
2025-04-19 05:30:45+00:00| seen|...
CVE-2024-57493
creationtimestamp| type| source
---|---|---
2025-04-18 19:59:09+00:00| published-proof-of-concept| https://t.me/DarkWebInformerCVEAlerts/12536
2025-04-18 20:33:42+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3ln4hrghkyl2h
2025-04-18 23:16:13+00:00| seen|...