CVE-2025-68840 WordPress iRobots.txt SEO plugin <= 1.1.2 - Reflected Cross Site Scripting (XSS) vulnerability

Unauthenticated Cross Site Scripting XSS in iRobots.txt SEO = 1.1.2 versions...

CVE-2025-68840

CVE-2025-68840 is a reflected XSS vulnerability in the WordPress plugin iRobots.txt SEO, affected versions:

CVE-2025-68049 WordPress bunny.net plugin <= 2.3.6 - Broken Access Control vulnerability

Subscriber Broken Access Control in bunny.net = 2.3.6 versions...

CVE-2025-60175

CVE-2025-60175 : WordPress PopAd plugin (≤1.0.4) contains a Server-Side Request Forgery (SSRF) vulnerability. The entry specifies an authenticated (Admin+) context, indicating exploitation requires user authorization, potentially enabling internal network requests to unintended targets. The avail...

CVE-2025-68049

CVE-2025-68049 affects the WordPress bunny.net plugin, version up to 2.3.6, with a Broken Access Control flaw. The CVSS 3.1 base metrics indicate Low impact to confidentiality, integrity, and availability, and a network attack vector with low privileges required and no user interaction. The provi...

CVE-2025-60175 WordPress PopAd Plugin <= 1.0.4 - Server Side Request Forgery (SSRF) Vulnerability

Administrator Server Side Request Forgery SSRF in PopAd = 1.0.4 versions...

CVE-2025-59133 WordPress Projectopia plugin <= 5.1.25.2 - Insecure Direct Object References (IDOR) vulnerability

Custom role Insecure Direct Object References IDOR in Projectopia = 5.1.25.2 versions...

CVE-2025-59133

CVE-2025-59133 describes an insecure direct object reference (IDOR) in the WordPress plugin Projectopia (WordPress Projectopia – projectopia-core) version

WordPress RTMKit plugin <= 2.0.7 - Authenticated (Contributor+) Missing Authorization to Arbitrary Form Submission Access vulnerability

Authenticated Contributor+ Missing Authorization to Arbitrary Form Submission Access vulnerability discovered by wesley wcraft in WordPress Plugin RTMKit versions = 2.0.7...

WordPress Static Block plugin <= 2.2 - Insecure Direct Object Reference to Authenticated (Contributor+) Sensitive Information Disclosure vulnerability

Insecure Direct Object Reference to Authenticated Contributor+ Sensitive Information Disclosure vulnerability discovered by dyingman in WordPress Plugin Static Block versions = 2.2...

WordPress Abandoned Contact Form 7 plugin <= 2.5 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by g0wthr in WordPress Plugin Abandoned Contact Form 7 versions = 2.5...

CVE-2025-15658

Administrator Cross Site Scripting XSS in WP Emmet = 0.3.4 versions...

CVE-2025-15659 WordPress Elizaibots plugin <= 1.0.2 - Cross Site Scripting (XSS) vulnerability

Contributor Cross Site Scripting XSS in Elizaibots = 1.0.2 versions...

CVE-2025-15659 WordPress Elizaibots plugin <= 1.0.2 - Cross Site Scripting (XSS) vulnerability

Contributor Cross Site Scripting XSS in Elizaibots = 1.0.2 versions...

CVE-2025-15659

CVE-2025-15659 concerns the WordPress Elizaibots plugin (versions

CVE-2025-15658

The CVE describes an Administrator-XSS vulnerability in the WordPress WP Emmet plugin versions

CVE-2025-15658 WordPress WP Emmet plugin <= 0.3.4 - Cross Site Scripting (XSS) vulnerability

Administrator Cross Site Scripting XSS in WP Emmet = 0.3.4 versions...

CVE-2025-15658 WordPress WP Emmet plugin <= 0.3.4 - Cross Site Scripting (XSS) vulnerability

Administrator Cross Site Scripting XSS in WP Emmet = 0.3.4 versions...

WordPress Video Conferencing with Zoom plugin <= 4.6.7 - Missing Authorization to Unauthenticated Zoom SDK Credential Exposure vulnerability

Missing Authorization to Unauthenticated Zoom SDK Credential Exposure vulnerability discovered by aetta in WordPress Plugin Video Conferencing with Zoom versions = 4.6.7...

CVE-2018-25437

WordPress CherryFramework Themes 3.1.4 contains an information disclosure vulnerability that allows unauthenticated attackers to download sensitive backup files by accessing the downloadbackup.php endpoint. Attackers can directly access the downloadbackup.php script in the admin/datamanagement...