EUVD-2025-5612
Malicious code in bioql PyPI...
CVE-2025-52780
Cross-Site Request Forgery (CSRF) vulnerability in Mohammad Parsa Logo Manager For Samandehi samandehi-logo-manager allows Stored XSS. This issue affects Logo Manager For Samandehi: from n/a through <= 0.5...
CVE-2025-48118
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WpExperts Hub Woocommerce Partial Shipment wc-partial-shipment allows SQL Injection. This issue affects Woocommerce Partial Shipment: from n/a through <= 3.2...
CVE-2025-49291
Cross-Site Request Forgery (CSRF) vulnerability in codepeople Calculated Fields Form calculated-fields-form allows Cross Site Request Forgery. This issue affects Calculated Fields Form: from n/a through <= 5.3.58...
CVE-2025-49315
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in PersianScript Persian Woocommerce SMS persian-woocommerce-sms allows SQL Injection. This issue affects Persian Woocommerce SMS: from n/a through <= 7.0.10...
CVE-2025-47680
CVE-2025-47680 is a Reflected XSS in the WordPress plugin xili-tidy-tags up to version 1.12.06. The issue arises from improper input neutralization during web page generation. Affected software: xili-tidy-tags (WordPress plugin). Root cause and impact are described in public records as Reflected ...
CVE-2024-53771
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in sergiomico SimpleSchema simpleschema-free allows DOM-Based XSS. This issue affects SimpleSchema: from n/a through <= 1.7.6.9...
CVE-2023-38395
Missing Authorization vulnerability in Afzal Multani WP Clone Menu. This issue affects WP Clone Menu: from n/a through 1.0.1...
WordPress AHAthat Plugin plugin <= 1.6 - Cross-Site Request Forgery to AHA Page Deletion vulnerability
Cross-Site Request Forgery to AHA Page Deletion vulnerability discovered by Régis SENET in WordPress Plugin AHAthat versions <= 1.6...
CVE-2025-26902 WordPress Brizy Pro plugin <= 2.6.1 - Cross Site Request Forgery (CSRF) vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in Brizy Brizy Pro allows Cross Site Request Forgery. This issue affects Brizy Pro: from n/a through 2.6.1...
PT-2025-15740 · Unknown · Theode Language Field
Name of the Vulnerable Software and Affected Versions: theode Language Field versions n/a through 0.9. Description: A Cross-Site Request Forgery (CSRF) issue in theode Language Field allows for Stored XSS. Recommendations: For versions n/a through 0.9, consider disabling the Language Field...
CVE-2025-32134
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in KaizenCoders URL Shortify url-shortify allows Stored XSS. This issue affects URL Shortify: from n/a through <= 1.10.5.1...
PT-2025-14154 · Unknown · Post Custom Templates Lite
Name of the Vulnerable Software and Affected Versions: Post Custom Templates Lite versions n/a through 1.14. Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting, which allows Stored XSS. This means that an attacker ca...
CVE-2025-30528
Cross-Site Request Forgery (CSRF) vulnerability in wpshopee Awesome Logos awesome-logos allows SQL Injection. This issue affects Awesome Logos: from n/a through <= 1.2...
CVE-2025-28897
CVE-2025-28897: CSRF to Stored XSS in the WordPress Domain Theme plugin, affecting versions up to 1.3. The issue is described as Domain Theme
CVE-2025-23708
CVE-2025-23708 is a CSRF-to-Stored XSS vulnerability in the WordPress plugin/solution DF Draggable (Dominic Fallows). The Red Hat advisory notes the issue affects DF Draggable up to version 1.13.2, implying all releases
CVE-2025-23572
CVE-2025-23572 is a CSRF-to-Stored XSS vulnerability in UpDownUpDown (UpDownUpDown: n/a–1.1). Public details from Red Hat confirm the issue, its impact, and affected version range. The CVSS 3.1 base score is 7.1 (HIGH): attack vector NETWORK, attack complexity LOW, privileges NONE, user interacti...
CVE-2024-53776
Cross-Site Request Forgery (CSRF) vulnerability in raphaelheide Donate Me donate-me allows Stored XSS. This issue affects Donate Me: from n/a through <= 1.2.5...
CVE-2024-53709
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Nasir Uddin Generic Elements generic-elements-for-elementor allows DOM-Based XSS. This issue affects Generic Elements: from n/a through <= 1.2.5...
CVE-2024-52464
CVE-2024-52464: Reflected XSS in WordPress plugin amr shortcodes (versions 1.7 and earlier). Root cause is improper input handling during web page generation, enabling an attacker-controlled input to be reflected in the output. Affected component: amr shortcodes. Impact: Reflected XSS risk on pag...