Medium
CVE-2025-22563
Cross-Site Request Forgery (CSRF) vulnerability in Faaiq Pretty Url allows Cross Site Request Forgery.This issue affects Pretty Url: from n/a through 1.5.4.
Read moreAll CVEs — 2025
Page 219/225.
Browse all CVEs by publication year. Use filters to refine.
CVSS ≥ 0.0
2025-01-07
Medium
CVE-2025-22562
Cross-Site Request Forgery (CSRF) vulnerability in Jason Funk Title Experiments Free allows Cross Site Request Forgery.This issue affects Title Experiments Free: from n/a through 9.0.4.
Read more
Medium
CVE-2025-22560
Missing Authorization vulnerability in Saoshyant.1994 Saoshyant Page Builder allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Saoshyant Page Builder: from n/…
Read more
High
CVE-2025-22559
Cross-Site Request Forgery (CSRF) vulnerability in Mario Mansour and Geoff Peters TubePress.NET allows Cross Site Request Forgery.This issue affects TubePress.NET: from n/a through 4.0.1.
Read more
Medium
CVE-2025-22558
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Marcus C. J. Hartmann mcjh button shortcode allows Stored XSS.This issue affects mcjh button shor…
Read more
High
CVE-2025-22557
Cross-Site Request Forgery (CSRF) vulnerability in WPMagic News Publisher Autopilot allows Cross Site Request Forgery.This issue affects News Publisher Autopilot: from n/a through 2.1.4.
Read more
High
CVE-2025-22556
Cross-Site Request Forgery (CSRF) vulnerability in Greg Whitehead Norse Rune Oracle Plugin allows Cross Site Request Forgery.This issue affects Norse Rune Oracle Plugin: from n/a through 1.4.1.
Read more
High
CVE-2025-22555
Cross-Site Request Forgery (CSRF) vulnerability in Noel Jarencio. Smoothness Slider Shortcode allows Cross Site Request Forgery.This issue affects Smoothness Slider Shortcode: from n/a through v1.2.2.
Read more
Medium
CVE-2025-22554
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Eric Franklin Video Embed Optimizer allows Stored XSS.This issue affects Video Embed Optimizer: f…
Read more
High
CVE-2025-22552
Cross-Site Request Forgery (CSRF) vulnerability in Jason Keeley, Bryan Nielsen Affiliate Disclosure Statement allows Cross Site Request Forgery.This issue affects Affiliate Disclosure Statement: from…
Read more
Medium
CVE-2025-22551
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Julien Crego Boot-Modal allows Stored XSS.This issue affects Boot-Modal: from n/a through 1.9.1.
Read more
Medium
CVE-2025-22550
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in AddFunc AddFunc Mobile Detect allows Stored XSS.This issue affects AddFunc Mobile Detect: from n/…
Read more
Medium
CVE-2025-22549
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Pablo Cornehl WP Github allows Stored XSS.This issue affects WP Github: from n/a through 1.3.3.
Read more
High
CVE-2025-22548
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Frank Koenen ldap_login_password_and_role_manager allows Stored XSS.This issue affects ldap_login…
Read more
High
CVE-2025-22547
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Jay Krishnan G JK Html To Pdf allows Stored XSS.This issue affects JK Html To Pdf: from n/a throu…
Read more
Medium
CVE-2025-22546
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in One Plus Solution jQuery TwentyTwenty allows Stored XSS.This issue affects jQuery TwentyTwenty: f…
Read more
Medium
CVE-2025-22545
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in sw-galati.ro iframe to embed allows Stored XSS.This issue affects iframe to embed: from n/a throu…
Read more
Medium
CVE-2025-22544
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Mind Doodle Mind Doodle Visual Sitemaps & Tasks allows Stored XSS.This issue affects Mind Doodle…
Read more
Medium
CVE-2025-22543
Missing Authorization vulnerability in Beautiful Templates ST Gallery WP allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects ST Gallery WP: from n/a through 1.0…
Read more
Medium
CVE-2025-22541
Missing Authorization vulnerability in Etruel Developments LLC WP Delete Post Copies allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Delete Post Copies:…
Read more
High
CVE-2025-22538
Cross-Site Request Forgery (CSRF) vulnerability in Ofek Nakar Virtual Bot allows Stored XSS.This issue affects Virtual Bot: from n/a through 1.0.0.
Read more
High
CVE-2025-22536
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Hiren Patel WP Music Player allows SQL Injection.This issue affects WP Music Player: from n/a thr…
Read more
Medium
CVE-2025-22534
Missing Authorization vulnerability in Ella van Durpe Slides & Presentations allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Slides & Presentations: from n/…
Read more
High
CVE-2025-22533
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WOOEXIM.COM WOOEXIM allows SQL Injection.This issue affects WOOEXIM: from n/a through 5.0.0.
Read more
Medium
CVE-2025-22532
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Nagy Sandor Simple Photo Sphere allows Stored XSS.This issue affects Simple Photo Sphere: from n/…
Read more
Medium
CVE-2025-22531
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in M Bilal M Urdu Formatter – Shamil allows Stored XSS.This issue affects Urdu Formatter – Shamil: f…
Read more
Medium
CVE-2025-22530
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in SIOT 아임포트 결제버튼 생성 플러그인 allows Stored XSS.This issue affects 아임포트 결제버튼 생성 플러그인: from n/a through 1…
Read more
Medium
CVE-2025-22529
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WORDPRESTEEM WE Blocks allows Stored XSS.This issue affects WE Blocks: from n/a through 1.3.5.
Read more
Medium
CVE-2025-22528
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Huurkalender Huurkalender WP allows Stored XSS.This issue affects Huurkalender WP: from n/a throu…
Read more
Medium
CVE-2025-22525
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in bharatkambariya Donation Block For PayPal allows Stored XSS.This issue affects Donation Block For…
Read more
Medium
CVE-2025-22524
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in instaform.ir فرم ساز فرم افزار allows Stored XSS.This issue affects فرم ساز فرم افزار: from n/a t…
Read more
High
CVE-2025-22522
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Roya Khosravi SingSong allows Stored XSS.This issue affects SingSong: from n/a through 1.2.
Read more
High
CVE-2025-22520
Cross-Site Request Forgery (CSRF) vulnerability in Tock Tock Widget allows Cross Site Request Forgery.This issue affects Tock Widget: from n/a through 1.1.
Read more
High
CVE-2025-22519
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in eDoc Intelligence LLC eDoc Easy Tables allows SQL Injection.This issue affects eDoc Easy Tables:…
Read more
Medium
CVE-2025-22518
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in KentoThemes Justified Image Gallery allows Stored XSS.This issue affects Justified Image Gallery:…
Read more
Medium
CVE-2025-22517
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ben Huson List Pages at Depth allows Stored XSS.This issue affects List Pages at Depth: from n/a…
Read more
Medium
CVE-2025-22516
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Hitesh Patel Metadata SEO allows Stored XSS.This issue affects Metadata SEO: from n/a through 2.3.
Read more
Medium
CVE-2025-22515
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Simon Chuang Show Google Analytics widget allows Stored XSS.This issue affects Show Google Analyt…
Read more
Medium
CVE-2025-22512
Missing Authorization vulnerability in Sprout Apps Help Scout allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Help Scout: from n/a through 6.5.1.
Read more
Medium
CVE-2025-22511
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ella van Durpe Slides & Presentations allows Stored XSS.This issue affects Slides & Presentations…
Read more
High
CVE-2025-22507
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Benjamin Santalucia (ben@woow-fr.com) WPMU Prefill Post allows SQL Injection.This issue affects W…
Read more
Medium
CVE-2025-22503
Cross-Site Request Forgery (CSRF) vulnerability in Digital Zoom Studio Admin debug wordpress – enable debug allows Cross Site Request Forgery.This issue affects Admin debug wordpress – enable debug:…
Read more
High
CVE-2025-22502
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Mindvalley MindValley Super PageMash allows SQL Injection.This issue affects MindValley Super Pag…
Read more
High
CVE-2025-22338
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in lich_wang WP-tagMaker allows Reflected XSS.This issue affects WP-tagMaker: from n/a through 0.2.2.
Read more
High
CVE-2025-22335
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Md. Rajib Dewan Opencart Product in WP allows Reflected XSS.This issue affects Opencart Product i…
Read more
High
CVE-2025-22294
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Gravity Master Custom Field For WP Job Manager allows Reflected XSS.This issue affects Custom Fie…
Read more
Critical
CVE-2025-21624
ClipBucket V5 provides open source video hosting with PHP. Prior to 5.5.1 - 239, a file upload vulnerability exists in the Manage Playlist functionality of the application, specifically surrounding t…
Read more
High
CVE-2025-21623
ClipBucket V5 provides open source video hosting with PHP. Prior to 5.5.1 - 238, ClipBucket V5 allows unauthenticated attackers to change the template directory via a directory traversal, which resul…
Read more
High
CVE-2025-21622
ClipBucket V5 provides open source video hosting with PHP. During the user avatar upload workflow, a user can choose to upload and change their avatar at any time. During deletion, ClipBucket checks…
Read more
Medium
CVE-2025-0298
A vulnerability was found in code-projects Online Book Shop 1.0. It has been rated as critical. This issue affects some unknown processing of the file /process_login.php. The manipulation of the argu…
Read more
Medium
CVE-2025-0297
A vulnerability was found in code-projects Online Book Shop 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /detail.php. The manipulation of the argument id…
Read more
Critical
CVE-2025-0247
Memory safety bugs present in Firefox 133 and Thunderbird 133. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited t…
Read more
Medium
CVE-2025-0244
When redirecting to an invalid protocol scheme, an attacker could spoof the address bar. *Note: This issue only affected Android operating systems. Other operating systems are unaffected.* This vuln…
Read more
Medium
CVE-2025-0243
Memory safety bugs present in Firefox 133, Thunderbird 133, Firefox ESR 128.5, and Thunderbird 128.5. Some of these bugs showed evidence of memory corruption and we presume that with enough effort so…
Read more
Medium
CVE-2025-0242
Memory safety bugs present in Firefox 133, Thunderbird 133, Firefox ESR 115.18, Firefox ESR 128.5, Thunderbird 115.18, and Thunderbird 128.5. Some of these bugs showed evidence of memory corruption a…
Read more
High
CVE-2025-0241
When segmenting specially crafted text, segmentation would corrupt memory leading to a potentially exploitable crash. This vulnerability affects Firefox < 134, Firefox ESR < 128.6, Thunderbird < 134,…
Read more
Medium
CVE-2025-0240
Parsing a JavaScript module as JSON could, under some circumstances, cause cross-compartment access, which may result in a use-after-free. This vulnerability affects Firefox < 134, Firefox ESR < 128.…
Read more
Medium
CVE-2025-0239
When using Alt-Svc, ALPN did not properly validate certificates when the original server is redirecting to an insecure site. This vulnerability affects Firefox < 134, Firefox ESR < 128.6, Thunderbird…
Read more
Medium
CVE-2025-0238
Assuming a controlled failed memory allocation, an attacker could have caused a use-after-free, leading to a potentially exploitable crash. This vulnerability affects Firefox < 134, Firefox ESR < 128…
Read more
Medium
CVE-2025-0237
The WebChannel API, which is used to transport various information across processes, did not check the sending principal but rather accepted the principal being sent. This could have led to privilege…
Read more
High
CVE-2024-56056
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in kmfoysal06 SimpleCharm allows Reflected XSS.This issue affects SimpleCharm: from n/a through 1.4.…
Read more
Critical
CVE-2024-55556
A vulnerability in Crater Invoice allows an unauthenticated attacker with knowledge of the APP_KEY to achieve remote command execution on the server by manipulating the laravel_session cookie, exploi…
Read more
High
CVE-2024-55008
JATOS 3.9.4 contains a denial-of-service (DoS) vulnerability in the authentication system, where an attacker can prevent legitimate users from accessing their accounts by repeatedly sending multiple…
Read more
High
CVE-2024-53800
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Rezgo Rezgo allows PHP Local File Inclusion.This issue affects Rezgo: from n/a…
Read more
High
CVE-2024-53345
An authenticated arbitrary file upload vulnerability in Car Rental Management System v1.0 to v1.3 allows attackers to execute arbitrary code via uploading a crafted file.
Read more
Medium
CVE-2024-52813
matrix-rust-sdk is an implementation of a Matrix client-server library in Rust. Versions of the matrix-sdk-crypto Rust crate before 0.8.0 lack a dedicated mechanism to notify that a user's cryptograp…
Read more
High
CVE-2024-48245
Vehicle Management System 1.0 is vulnerable to SQL Injection. A guest user can exploit vulnerable POST parameters in various administrative actions, such as booking a vehicle or confirming a booking.…
Read more
High
CVE-2024-46603
An XML External Entity (XXE) vulnerability in Elspec Engineering G5 Digital Fault Recorder Firmware v1.2.1.12 allows attackers to cause a Denial of Service (DoS) via a crafted XML payload.
Read more
High
CVE-2024-46602
An issue was discovered in Elspec G5 digital fault recorder version 1.2.1.12 and earlier. An XML External Entity (XXE) vulnerability may allow an attacker to cause a Denial of Service (DoS) via a cra…
Read more
High
CVE-2024-46601
Elspec Engineering G5 Digital Fault Recorder Firmware v1.2.1.12 was discovered to contain a buffer overflow.
Read more
High
CVE-2024-46242
An issue in the validate_email function in CTFd/utils/validators/__init__.py of CTFd 3.7.3 allows attackers to cause a Regular expression Denial of Service (ReDoS) via supplying a crafted string as e…
Read more
High
CVE-2024-40702
IBM Cognos Controller 11.0.0 through 11.0.1 and IBM Controller 11.1.0 could allow an unauthorized user to obtain valid tokens to gain access to protected resources due to improper certificate validat…
Read more
Medium
CVE-2024-28778
IBM Cognos Controller 11.0.0 through 11.0.1 and IBM Controller 11.1.0 is vulnerable to exposure of Artifactory API keys. This vulnerability allows users to publish code to private packages or reposit…
Read more
Medium
CVE-2024-25037
IBM Cognos Controller 11.0.0 through 11.0.1 and IBM Controller 11.1.0 could allow a remote attacker to obtain sensitive information when a stack trace is returned in the browser.
Read more
Medium
CVE-2022-22363
IBM Cognos Controller 11.0.0 through 11.0.1 and IBM Controller 11.1.0 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser.…
Read more
Low
CVE-2021-20455
IBM Cognos Controller 11.0.0 through 11.0.1 and IBM Controller 11.1.0 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser.…
Read more
Medium
CVE-2025-0296
A vulnerability was found in code-projects Online Book Shop 1.0. It has been classified as critical. This affects an unknown part of the file /booklist.php. The manipulation of the argument subcatid…
Read more
Low
CVE-2025-0295
A vulnerability was found in code-projects Online Book Shop 1.0 and classified as problematic. Affected by this issue is some unknown functionality of the file /booklist.php?subcatid=1. The manipulat…
Read more
Medium
CVE-2024-11681
A malicious or compromised MacPorts mirror can execute arbitrary commands as root on the machine of a client running port selfupdate against the mirror.
Read more
Medium
CVE-2025-0294
A vulnerability has been found in SourceCodester Home Clean Services Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /public_h…
Read more
Medium
CVE-2024-45640
IBM Security ReaQta 3.12 returns sensitive information in an HTTP response that could be used in further attacks against the system.
Read more
Medium
CVE-2024-45100
IBM Security ReaQta 3.12 could allow a privileged user to cause a denial of service by sending multiple administration requests due to improper allocation of resources.
Read more
Medium
CVE-2024-12738
The User Profile Builder – Beautiful User Registration Forms, User Profiles & User Role Editor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several user meta parameters in al…
Read more
Medium
CVE-2024-12426
Exposure of Environmental Variables and arbitrary INI file values to an Unauthorized Actor vulnerability in The Document Foundation LibreOffice. URLs could be constructed which expanded environme…
Read more
Medium
CVE-2024-12131
The WP Job Portal – A Complete Recruitment System for Company or Job Board website plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.2.5 d…
Read more
Medium
CVE-2024-52893
IBM Concert Software 1.0.0, 1.0.1, 1.0.2, 1.0.2.1, and 1.0.3 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This i…
Read more
Medium
CVE-2024-52891
IBM Concert Software 1.0.0, 1.0.1, 1.0.2, 1.0.2.1, and 1.0.3 could allow an authenticated user to inject malicious information or obtain information from log files due to improper log neutralizatio…
Read more
Medium
CVE-2024-52367
IBM Concert Software 1.0.0, 1.0.1, 1.0.2, 1.0.2.1, and 1.0.3 could disclose sensitive system information to an unauthorized actor that could be used in further attacks against the system.
Read more
Medium
CVE-2024-52366
IBM Concert Software 1.0.0, 1.0.1, 1.0.2, 1.0.2.1, and 1.0.3 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An…
Read more
Medium
CVE-2024-12711
The RSVP and Event Management plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on several AJAX functions like bulk_delete_attendees() and bulk_delete_questi…
Read more
Medium
CVE-2024-12532
The BWD Elementor Addons plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.3.18 in widgets/bwdeb-content-switcher.php. This makes it possibl…
Read more
Low
CVE-2024-12425
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in The Document Foundation LibreOffice allows Absolute Path Traversal. An attacker can write to arbitr…
Read more
Medium
CVE-2024-12316
The Jupiter X Core plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the export_popup_action() function in all versions up to, and including, 4.8.…
Read more
Medium
CVE-2024-12033
The Jupiter X Core plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the sync_libraries() function in all versions up to, and including, 4.8.5. This makes…
Read more
Medium
CVE-2024-11826
The Quill Forms | The Best Typeform Alternative | Create Conversational Multi Step Form, Survey, Quiz, Cost Estimation or Donation Form on WordPress plugin for WordPress is vulnerable to Stored Cross…
Read more
High
CVE-2025-22364
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Service Shogun Ach Invoice App allows PHP Local File Inclusion.This issue affe…
Read more
Medium
CVE-2025-22362
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Powerfusion WPAchievements Free allows Stored XSS.This issue affects WPAchievements Free: from n/…
Read more
High
CVE-2025-22359
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in PJFC SyncFields allows Reflected XSS.This issue affects SyncFields: from n/a through 2.1.
Read more
High
CVE-2025-22358
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Marcon Simone Wp advertising management allows Reflected XSS.This issue affects Wp advertising ma…
Read more
High
CVE-2025-22357
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Simple Plugins Target Notifications allows Reflected XSS.This issue affects Target Notifications:…
Read more
High
CVE-2025-22355
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in kiKx Kikx Simple Post Author Filter allows Reflected XSS.This issue affects Kikx Simple Post Auth…
Read more
High
CVE-2025-22353
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Balcom-Vetillo Design, Inc. BVD Easy Gallery Manager allows Reflected XSS.This issue affects BVD…
Read more
High
CVE-2025-22352
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in ELEXtensions ELEX WooCommerce Advanced Bulk Edit Products, Prices & Attributes allows Blind SQL I…
Read more
High
CVE-2025-22351
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in PenguinArts Contact Form 7 Database – CFDB7 allows SQL Injection.This issue affects Contact Form…
Read more
High
CVE-2025-22349
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Owen Cutajar & Hyder Jaffari WordPress Auction Plugin allows SQL Injection.This issue affects Wor…
Read more
High
CVE-2025-22348
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in RTO GmbH DynamicTags allows Blind SQL Injection.This issue affects DynamicTags: from n/a through…
Read more
High
CVE-2025-22347
Cross-Site Request Forgery (CSRF) vulnerability in BannerSky.com BSK Forms Blacklist allows Blind SQL Injection.This issue affects BSK Forms Blacklist: from n/a through 3.9.
Read more
High
CVE-2025-22343
Cross-Site Request Forgery (CSRF) vulnerability in Dennis Koot wpSOL allows Stored XSS.This issue affects wpSOL: from n/a through 1.2.0.
Read more
High
CVE-2025-22342
Cross-Site Request Forgery (CSRF) vulnerability in Jens Törnell WP Simple Sitemap allows Stored XSS.This issue affects WP Simple Sitemap: from n/a through 0.2.
Read more
Medium
CVE-2025-22339
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in aThemeArt Store Commerce allows DOM-Based XSS.This issue affects Store Commerce: from n/a through…
Read more
High
CVE-2025-22336
Cross-Site Request Forgery (CSRF) vulnerability in WordPress 智库 Wizhi Multi Filters by Wenprise allows Stored XSS.This issue affects Wizhi Multi Filters by Wenprise: from n/a through 1.8.6.
Read more
Medium
CVE-2025-22333
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Piotnet Piotnet Addons For Elementor allows Stored XSS.This issue affects Piotnet Addons For Elem…
Read more
High
CVE-2025-22328
Cross-Site Request Forgery (CSRF) vulnerability in Elevio Elevio allows Stored XSS.This issue affects Elevio: from n/a through 4.4.1.
Read more
Medium
CVE-2025-22327
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Olaf Lederer EO4WP allows Stored XSS.This issue affects EO4WP: from n/a through 1.0.7.
Read more
High
CVE-2025-22326
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in 5centsCDN 5centsCDN allows Reflected XSS.This issue affects 5centsCDN: from n/a through 24.8.16.
Read more
High
CVE-2025-22325
Cross-Site Request Forgery (CSRF) vulnerability in Nik Chankov Autocompleter allows Stored XSS.This issue affects Autocompleter: from n/a through 1.3.5.2.
Read more
High
CVE-2025-22324
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Andon Ivanov OZ Canonical allows Reflected XSS.This issue affects OZ Canonical: from n/a through…
Read more
Medium
CVE-2025-22323
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Jewel Theme Image Hover Effects for Elementor allows Stored XSS.This issue affects Image Hover Ef…
Read more
Medium
CVE-2025-22321
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in TheInnovs ElementsCSS Addons for Elementor allows Stored XSS.This issue affects ElementsCSS Addon…
Read more
High
CVE-2025-22320
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ProductDyno ProductDyno allows Reflected XSS.This issue affects ProductDyno: from n/a through 1.0…
Read more