CVE-2025-15654 WordPress Prague plugin <= 2.2.8 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Fox-themes Prague allows Reflected XSS. This issue affects Prague: from n/a through 2.2.8...

CVE-2025-15654 WordPress Prague plugin <= 2.2.8 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Fox-themes Prague allows Reflected XSS. This issue affects Prague: from n/a through 2.2.8...

CVE-2025-15654

CVE-2025-15654 describes a Reflected XSS in the Fox-themes Prague WordPress plugin (≤ 2.2.8). The root cause is improper neutralization of input during web page generation. Affected software is the Prague plugin, with vulnerable versions listed as up to 2.2.8; the issue is classified with CVSS 3....

CVE-2025-67972 WordPress Zoho ZeptoMail plugin <= 3.2.9 - Broken Access Control vulnerability

Missing Authorization vulnerability in Zoho Mail Zoho ZeptoMail allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Zoho ZeptoMail: from n/a through 3.2.9...

CVE-2025-67972 WordPress Zoho ZeptoMail plugin <= 3.2.9 - Broken Access Control vulnerability

Missing Authorization vulnerability in Zoho Mail Zoho ZeptoMail allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Zoho ZeptoMail: from n/a through 3.2.9...

CVE-2025-67972

Technical details about CVE-2025-67972 are not provided in the connected documents. Public details in the set pertain to other products (e.g., Prague plugin) and do not confirm affected vendor/version/root-cause for Zoho ZeptoMail. Monitor for updates.

WordPress Prague plugin <= 2.2.8 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Plugin Prague versions = 2.2.8...