4 matches found
CVE-2025-62949
CVE-2025-62949 relates to a Cross-Site Scripting (XSS) vulnerability in the WordPress/BuddyPress plugin chain: Activity Plus Reloaded for BuddyPress (bp-activity-plus-reloaded) with versions up to and including 1.1.2. The issue is described as an improper neutralization of input during web page g...
PT-2025-14457 · WordPress · Insert Headers/Footers Code – Ht Script
Name of the Vulnerable Software and Affected Versions: The Insert Headers and Footers Code – HT Script plugin for WordPress versions up to, and including, 1.1.2 Description: The issue is related to a missing capability check on the ajax dismiss function, allowing authenticated attackers with...
WordPress CRM Perks Forms Plugin <= 1.1.2 is vulnerable to Cross Site Scripting (XSS)
Software CRM Perks Forms Type Plugin Vulnerable versions = 1.1.2 Fixed in 1.1.3 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-51536 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID e48c62e620dc Credits Huynh Tien Si Required privilege...
WordPress Contact Form to Any API Plugin <= 1.1.2 is vulnerable to SQL Injection
Software Contact Form to Any API Type Plugin Vulnerable versions = 1.1.2 Fixed in 1.1.3 OWASP Top 10 A1: Injection Classification SQL Injection CVE CVE-2023-32741 Patch priority Low CVSS severity Low 7.6 Developer Claim ownership PSID 7672258ac26c Credits Arvandy Required privilege Administrator...