Latest CVE Feed
-
6.1
MEDIUMCVE-2025-14132
The Category Dropdown List plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the `$_SERVER['PHP_SELF']` variable in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping. This makes it pos... Read more
Affected Products :- Published: Dec. 12, 2025
- Modified: Dec. 12, 2025
- Vuln Type: Cross-Site Scripting
-
4.3
MEDIUMCVE-2025-13366
The Rabbit Hole plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1. This is due to missing or incorrect nonce validation on the plugin's reset functionality. This makes it possible for unauthenticate... Read more
Affected Products :- Published: Dec. 12, 2025
- Modified: Dec. 12, 2025
- Vuln Type: Cross-Site Request Forgery
-
7.2
HIGHCVE-2025-12570
The Fancy Product Designer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 6.4.8 due to insufficient input sanitization and output escaping in the data-to-image.php and pdf-to-im... Read more
Affected Products : fancy_product_designer- Published: Dec. 12, 2025
- Modified: Dec. 12, 2025
- Vuln Type: Cross-Site Scripting
-
6.4
MEDIUMCVE-2025-13747
The NewStatPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via a regex bypass in nsp_shortcode function in all versions up to, and including, 1.4.3 due to insufficient input sanitization and output escaping on user supplied attribu... Read more
Affected Products : newstatpress- Published: Dec. 12, 2025
- Modified: Dec. 12, 2025
- Vuln Type: Cross-Site Scripting