Latest CVE Feed
-
6.5
MEDIUMCVE-2025-57986
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in husani WP Subtitle allows Stored XSS. This issue affects WP Subtitle: from n/a through 3.4.1.... Read more
Affected Products : wp_subtitle- Published: Sep. 22, 2025
- Modified: Sep. 22, 2025
- Vuln Type: Cross-Site Scripting
-
4.3
MEDIUMCVE-2025-57930
Cross-Site Request Forgery (CSRF) vulnerability in kanwei_doublethedonation Double the Donation allows Cross Site Request Forgery. This issue affects Double the Donation: from n/a through 2.0.0.... Read more
Affected Products :- Published: Sep. 22, 2025
- Modified: Sep. 22, 2025
- Vuln Type: Cross-Site Request Forgery
-
6.5
MEDIUMCVE-2025-57983
Cross-Site Request Forgery (CSRF) vulnerability in Damian BP Disable Activation Reloaded allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects BP Disable Activation Reloaded: from n/a through 1.2.1.... Read more
Affected Products :- Published: Sep. 22, 2025
- Modified: Sep. 22, 2025
- Vuln Type: Cross-Site Request Forgery
-
4.3
MEDIUMCVE-2025-57960
Cross-Site Request Forgery (CSRF) vulnerability in TravelMap Travel Map allows Cross Site Request Forgery. This issue affects Travel Map: from n/a through 1.0.3.... Read more
Affected Products : travelmap- Published: Sep. 22, 2025
- Modified: Sep. 22, 2025
- Vuln Type: Cross-Site Request Forgery
-
4.3
MEDIUMCVE-2025-57942
Cross-Site Request Forgery (CSRF) vulnerability in andy_moyle Emergency Password Reset allows Cross Site Request Forgery. This issue affects Emergency Password Reset: from n/a through 9.0.... Read more
Affected Products :- Published: Sep. 22, 2025
- Modified: Sep. 22, 2025
- Vuln Type: Cross-Site Request Forgery
-
4.3
MEDIUMCVE-2025-57937
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in etruel WPeMatico RSS Feed Fetcher allows Retrieve Embedded Sensitive Data. This issue affects WPeMatico RSS Feed Fetcher: from n/a through 2.8.10.... Read more
Affected Products : wpematico_rss_feed_fetcher- Published: Sep. 22, 2025
- Modified: Sep. 22, 2025
- Vuln Type: Information Disclosure
-
4.3
MEDIUMCVE-2025-57927
Cross-Site Request Forgery (CSRF) vulnerability in Stephanie Leary Dashboard Notepad allows Cross Site Request Forgery. This issue affects Dashboard Notepad: from n/a through 1.42.... Read more
Affected Products :- Published: Sep. 22, 2025
- Modified: Sep. 22, 2025
- Vuln Type: Cross-Site Request Forgery
-
5.3
MEDIUMCVE-2025-57923
Insertion of Sensitive Information Into Sent Data vulnerability in Ideal Postcodes UK Address Postcode Validation allows Retrieve Embedded Sensitive Data. This issue affects UK Address Postcode Validation: from n/a through 3.9.2.... Read more
Affected Products :- Published: Sep. 22, 2025
- Modified: Sep. 22, 2025
- Vuln Type: Information Disclosure
-
7.2
HIGHCVE-2025-53465
Deserialization of Untrusted Data vulnerability in raoinfotech GSheets Connector allows Object Injection. This issue affects GSheets Connector: from n/a through 1.1.1.... Read more
Affected Products :- Published: Sep. 22, 2025
- Modified: Sep. 22, 2025
- Vuln Type: Injection
-
5.9
MEDIUMCVE-2025-53455
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CashBill CashBill.pl – Płatności WooCommerce allows Stored XSS. This issue affects CashBill.pl – Płatności WooCommerce: from n/a through 3.2.... Read more
Affected Products :- Published: Sep. 22, 2025
- Modified: Sep. 22, 2025
- Vuln Type: Cross-Site Scripting
-
5.9
MEDIUMCVE-2025-57904
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WP-EXPERTS.IN Sales Count Manager for WooCommerce allows Stored XSS. This issue affects Sales Count Manager for WooCommerce: from n/a through 2.5.... Read more
Affected Products :- Published: Sep. 22, 2025
- Modified: Sep. 22, 2025
- Vuln Type: Cross-Site Scripting
-
5.9
MEDIUMCVE-2025-53467
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in webvitaly Login-Logout allows Stored XSS. This issue affects Login-Logout: from n/a through 3.8.... Read more
Affected Products :- Published: Sep. 22, 2025
- Modified: Sep. 22, 2025
- Vuln Type: Cross-Site Scripting
-
5.5
MEDIUMCVE-2025-57973
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Chad Butler WP-Members allows Stored XSS. This issue affects WP-Members: from n/a through 3.5.4.2.... Read more
Affected Products : wp-members- Published: Sep. 22, 2025
- Modified: Sep. 22, 2025
- Vuln Type: Cross-Site Scripting
-
5.9
MEDIUMCVE-2025-53466
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CodeSolz Better Find and Replace allows Stored XSS. This issue affects Better Find and Replace: from n/a through 1.7.6.... Read more
Affected Products : better_find_and_replace- Published: Sep. 22, 2025
- Modified: Sep. 22, 2025
- Vuln Type: Cross-Site Scripting
-
4.3
MEDIUMCVE-2025-57975
Missing Authorization vulnerability in RadiusTheme Team allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Team: from n/a through 5.0.6.... Read more
Affected Products : team_-_wordpress_team_members_showcase- Published: Sep. 22, 2025
- Modified: Sep. 22, 2025
- Vuln Type: Authorization
-
5.3
MEDIUMCVE-2025-57976
Missing Authorization vulnerability in CardCom CardCom Payment Gateway allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects CardCom Payment Gateway: from n/a through 3.5.0.4.... Read more
Affected Products :- Published: Sep. 22, 2025
- Modified: Sep. 22, 2025
- Vuln Type: Authorization
-
4.3
MEDIUMCVE-2025-57978
Cross-Site Request Forgery (CSRF) vulnerability in themespride Advanced Appointment Booking & Scheduling allows Cross Site Request Forgery. This issue affects Advanced Appointment Booking & Scheduling: from n/a through 1.9.... Read more
Affected Products :- Published: Sep. 22, 2025
- Modified: Sep. 22, 2025
- Vuln Type: Cross-Site Request Forgery
-
6.5
MEDIUMCVE-2025-57966
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in GhozyLab Gallery Lightbox allows Stored XSS. This issue affects Gallery Lightbox: from n/a through 1.0.0.41.... Read more
Affected Products :- Published: Sep. 22, 2025
- Modified: Sep. 22, 2025
- Vuln Type: Cross-Site Scripting
-
5.3
MEDIUMCVE-2025-57987
Missing Authorization vulnerability in ThimPress WP Events Manager allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP Events Manager: from n/a through 2.2.1.... Read more
Affected Products : wp_events_manager- Published: Sep. 22, 2025
- Modified: Sep. 22, 2025
- Vuln Type: Authorization
-
5.3
MEDIUMCVE-2025-57958
Missing Authorization vulnerability in WPXPO WowAddons allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WowAddons: from n/a through 1.0.17.... Read more
Affected Products :- Published: Sep. 22, 2025
- Modified: Sep. 22, 2025
- Vuln Type: Authorization