Wordfence Intelligence Weekly WordPress Vulnerability Report (January 13, 2025 to January 19, 2025)

📢 Did you know Wordfence runs a Bug Bounty Program for all WordPress plugins and themes at no cost to vendors? Researchers can earn up to $31,200 per vulnerability, for all in-scope vulnerabilities submitted to our Bug Bounty Program! Find a vulnerability, submit the details directly to us, and we handle all the rest.

Last week, there were 694 vulnerabilities disclosed in 655 WordPress Plugins and 18 WordPress Themes that have been added to the Wordfence Intelligence Vulnerability Database, and there were 80 Vulnerability Researchers that contributed to WordPress Security last week. Review those vulnerabilities in this report now to ensure your site is not affected.

Our mission with Wordfence Intelligence is to make valuable vulnerability information easily accessible to everyone, like the WordPress community, so individuals and organizations alike can utilize that data to make the internet more secure. That is why the Wordfence Intelligence user interface, vulnerability API, webhook integration, and Wordfence CLI Vulnerability Scanner are all completely free to access and utilize both personally and commercially, and why we are running this weekly vulnerability report.

Enterprises, Hosting Providers, and even Individuals can use the Wordfence CLI Vulnerability Scanner to run regular vulnerability scans across the sites they protect. Or alternatively, utilize the vulnerability Database API to receive a complete dump of our database of over 22,000 vulnerabilities and then utilize the webhook integration to stay on top of the newest vulnerabilities added in real-time, as well as any updates made to the database, all for free.

Click here to sign-up for our mailing list to receive weekly vulnerability reports like this and important WordPress Security reports in your inbox the moment they are published.

New Firewall Rules Deployed Last Week

The Wordfence Threat Intelligence Team reviews each vulnerability to determine impact and severity, along with assessing the likelihood of exploitation, to verify that the Wordfence Firewall provides sufficient protection.

The team rolled out enhanced protection via firewall rules for the following vulnerabilities in real-time to our Premium, Care, and Response customers last week:

• Adifier System <= 3.1.7 – Unauthenticated Arbitrary Password Reset
• WAF-RULE-794 – Data redacted while we work with the vendor on a patch.
• WAF-RULE-795 – Data redacted while we work with the vendor on a patch.
• WAF-RULE-796 – Data redacted while we work with the vendor on a patch.
• WAF-RULE-798 – Data redacted while we work with the vendor on a patch.
• WAF-RULE-799 – Data redacted while we work with the vendor on a patch.
• WAF-RULE-800 – Data redacted while we work with the vendor on a patch.
• WAF-RULE-801 – Data redacted while we work with the vendor on a patch.
• WAF-RULE-802 – Data redacted while we work with the vendor on a patch.

Wordfence Premium, Care, and Response customers received this protection immediately, while users still running the free version of Wordfence will receive this enhanced protection after a 30 day delay.

Total Unpatched & Patched Vulnerabilities Last Week

Total Vulnerabilities by CVSS Severity Last Week

Total Vulnerabilities by CWE Type Last Week

Researchers That Contributed to WordPress Security Last Week

Researcher Name	Number of Vulnerabilities
SOPROBRO	221
João Pedro Soares de Alcântara	157
Kévin Mosbahi (Mika)	60
0xd4rk5id3	42
Le Ngoc Anh	38
thiennv	13
akas wisnu aji	13
Hassan Khan Yusufzai - Splint3r7	13
LVT-tholv2k	9
Colin Xu	7
ardias	7
mikemyers	4
Trương Hữu Phúc (truonghuuphuc)	4
muhammad yudha	4
Lucio Sá	4
vgo0	4
stealthcopter	4
villu164	3
Zlrqh	3
wesley (wcraft)	3
Peter Thaleikis	3
Dmitrii Ignatyev	3
Pham Van Tam	3
Abdi Pranata	3
I8BL	2
ghsinfosec	2
Sean Murphy	2
zaim	2
Asaf Mozes	2
Stiofan	2
Khalid Yusuf	2
SavPhill (Savphill)	2
Francesco Carlucci	2
theviper17y	2
Parasimpaticki	2
Tonn	2
Robert DeVore	2
Stefan Bogdanovic	2
Joshua Chan	2
mike harris (mikeyh)	1
UKO	1
TANG Cheuk Hei (siunam)	1
Tieu Pham Trong Nhan	1
incognito	1
luc	1
Caesar Evan Santoso	1
Bob Matyas	1
Jon Cagan	1
VigilAInce Seeker	1
Ananda Dhakal	1
Pham Ngoc Duy	1
Li Xuhang	1
Rafie Muhammad	1
tahu.datar	1
Ankit Patel	1
Karolina Jankowska	1
Aiden (Thái An)	1
minhtuanact	1
Thanh Nam Tran	1
Dhabaleshwar Das	1
Nathaniel Oh (Calysteon)	1
Victor Haugen (ChocoTaco)	1
a00n	1
omstaendlig	1
1337_Wannabe	1
Sajjad Ahmad (jack_sparrow)	1
Webula	1
Brian Sans-Souci (liardom)	1
zer0gh0st	1
Dimas Maulana	1
zakaria	1
Ryoma Yamada	1
Andres Roldan	1
István Márton	1
Webbernaut	1
Fariq Fadillah Gusti Insani (fariqfgi)	1
hunter85	1
Ryan Zegar	1
Yamil	1
C_T_R_L	1

Are you a security researcher who would like to be featured in our weekly vulnerability report? You can responsibly disclose your WordPress vulnerability discoveries to us and earn a bounty on in-scope vulnerabilities through our Bug Bounty Program. Responsibly disclosing your vulnerability discoveries to us will also get your name added on the Wordfence Intelligence leaderboard along with being mentioned in our weekly vulnerability report.

WordPress Plugins with Reported Vulnerabilities Last Week

WordPress Themes with Reported Vulnerabilities Last Week

Vulnerability Details

Please note that if you run the Wordfence plugin on your WordPress site, with the scanner enabled, you should’ve already been notified if your site was affected by any of these vulnerabilities. If you’d like to receive real-time notifications whenever a vulnerability is added to the Wordfence Intelligence Vulnerability Database, check out our Slack and HTTP Webhook Integration, which is completely free to utilize.

Adifier System <= 3.1.7 - Unauthenticated Arbitrary Password Reset

9.8

CVSS Rating
Critical (9.8)

CVE-ID
CVE-2024-13375

Patch Status
Patched

Published
Jan 17, 2025

Affected Software
Adifier System

Researcher

Tonn

More Details >

Background animation blocks <= 2.1.5 - Unauthenticated Local File Inclusion

9.8

CVSS Rating
Critical (9.8)

CVE-ID
CVE-2025-23948

Patch Status
Unpatched

Published
Jan 16, 2025

Affected Software
Background animation blocks

Researcher

LVT-tholv2k

More Details >

Homey Login Register <= 2.4.0 - Unauthenticated Privilege Escalation

9.8

CVSS Rating
Critical (9.8)

CVE-ID
CVE-2024-51888

Patch Status
Unpatched

Published
Jan 13, 2025

Affected Software
Homey Login Register

Researcher

luc

More Details >

Multi Uploader for Gravity Forms <= 1.1.3 - Unauthenticated Arbitrary File Upload

9.8

CVSS Rating
Critical (9.8)

CVE-ID
CVE-2025-23921

Patch Status
Unpatched

Published
Jan 16, 2025

Affected Software
Multi Uploader for Gravity Forms

Researcher

Colin Xu

More Details >

Paid Membership Subscriptions – Effortless Memberships, Recurring Payments & Content Restriction <= 2.13.7 - Authentication Bypass via pms_payment_id

9.8

CVSS Rating
Critical (9.8)

CVE-ID
CVE-2024-12919

Patch Status
Patched

Published
Jan 13, 2025

Affected Software
Paid Membership Subscriptions – Effortless Memberships, Recurring Payments & Content Restriction

Researcher

wesley (wcraft)

More Details >

Post Grid and Gutenberg Blocks 2.2.85 - 2.3.3 - Unauthenticated Privilege Escalation

9.8

CVSS Rating
Critical (9.8)

CVE-ID
CVE-2024-9636

Patch Status
Patched

Published
Jan 14, 2025

Affected Software
Post Grid By PickPlugins

Researcher

wesley (wcraft)

More Details >

Quick Count <= 3.00 - Unauthenticated PHP Object Injection

9.8

CVSS Rating
Critical (9.8)

CVE-ID
CVE-2025-23932

Patch Status
Unpatched

Published
Jan 16, 2025

Affected Software
Quick Count

Researcher

João Pedro Soares de Alcântara

More Details >

user files <= 2.4.2 - Unauthenticated Arbitrary File Upload

9.8

CVSS Rating
Critical (9.8)

CVE-ID
CVE-2025-23953

Patch Status
Unpatched

Published
Jan 16, 2025

Affected Software
user files

Researcher

Colin Xu

More Details >

MyAnime Widget <= 1.0 - Cross-Site Request Forgery to Privilege Escalation

9.6

CVSS Rating
Critical (9.6)

CVE-ID
CVE-2025-23532

Patch Status
Unpatched

Published
Jan 16, 2025

Affected Software
MyAnime Widget

Researcher

Kévin Mosbahi (Mika)

More Details >

Custom Post Type Lockdown <= 1.11 - Cross-Site Request Forgery to Privilege Escalation

8.8

CVSS Rating
High (8.8)

CVE-ID
CVE-2025-23530

Patch Status
Unpatched

Published
Jan 16, 2025

Affected Software
Custom Post Type Lockdown WordPress

Researcher

Kévin Mosbahi (Mika)

More Details >

DD Roles <= 4.1 - Authenticated (Subscriber+) Privilege Escalation

8.8

CVSS Rating
High (8.8)

CVE-ID
CVE-2025-23528

Patch Status
Unpatched

Published
Jan 16, 2025

Affected Software
DD Roles

Researcher

Kévin Mosbahi (Mika)

More Details >

ElementInvader Addons for Elementor <= 1.2.6 - Authenticated (Contributor+) Local File Inclusion

8.8

CVSS Rating
High (8.8)

CVE-ID
CVE-2025-22786

Patch Status
Patched

Published
Jan 13, 2025

Affected Software
ElementInvader Addons for Elementor

Researcher

João Pedro Soares de Alcântara

More Details >

FAT Event Lite <= 1.1 - Authenticated (Contributor+) Local File Inclusion

8.8

CVSS Rating
High (8.8)

CVE-ID
CVE-2025-23915

Patch Status
Unpatched

Published
Jan 16, 2025

Affected Software
FAT Event Lite

Researcher

Trương Hữu Phúc (truonghuuphuc)

More Details >

Groundhogg <= 3.7.3.5 - Authenticated (Author+) Arbitrary File Upload via gh_big_file_upload Function

8.8

CVSS Rating
High (8.8)

CVE-ID
CVE-2025-0394

Patch Status
Patched

Published
Jan 13, 2025

Affected Software
WordPress CRM, Email & Marketing Automation for WordPress | Award Winner — Groundhogg

Researcher

wesley (wcraft)

More Details >

Homey <= 2.4.1 - Authenticated (Subscriber+) Privilege Escalation

8.8

CVSS Rating
High (8.8)

CVE-ID
CVE-2024-51800

Patch Status
Unpatched

Published
Jan 13, 2025

Affected Software
Homey

Researcher

a00n

More Details >

Image Gallery Box by CRUDLab <= 1.0.3 - Authenticated (Subscriber+) Local File Inclusion

8.8

CVSS Rating
High (8.8)

CVE-ID
CVE-2025-23938

Patch Status
Unpatched

Published
Jan 16, 2025

Affected Software
Image Gallery Box by CRUDLab

Researcher

LVT-tholv2k

More Details >

iSpring Embedder <= 1.0 - Cross-Site Request Forgery to Arbitrary File Upload

8.8

CVSS Rating
High (8.8)

CVE-ID
CVE-2025-23922

Patch Status
Unpatched

Published
Jan 16, 2025

Affected Software
iSpring Embedder

Researcher

Colin Xu

More Details >

Smallerik File Browser <= 1.1 - Authenticated (Subscriber+) Arbitrary File Upload

8.8

CVSS Rating
High (8.8)

CVE-ID
CVE-2025-23918

Patch Status
Unpatched

Published
Jan 16, 2025

Affected Software
Smallerik File Browser

Researcher

Colin Xu

More Details >

User Management <= 1.2 - Authenticated (Subscriber+) Privilege Escalation

8.8

CVSS Rating
High (8.8)

CVE-ID
CVE-2025-22736

Patch Status
Unpatched

Published
Jan 14, 2025

Affected Software
User Management

Researcher

ardias

More Details >

WP Load Gallery <= 2.1.6 - Authenticated (Author+) Arbitrary File Upload

8.8

CVSS Rating
High (8.8)

CVE-ID
CVE-2025-23942

Patch Status
Unpatched

Published
Jan 16, 2025

Affected Software
WP Load Gallery

Researcher

Le Ngoc Anh

More Details >

WP Options Editor <= 1.1 - Cross-Site Request Forgery to Privilege Escalation

8.8

CVSS Rating
High (8.8)

CVE-ID
CVE-2025-23797

Patch Status
Unpatched

Published
Jan 16, 2025

Affected Software
WP Options Editor

Researcher

Kévin Mosbahi (Mika)

More Details >

WR Price List Manager For Woocommerce <= 1.0.8 - Authenticated (Subscriber+) Arbitrary File Upload

8.8

CVSS Rating
High (8.8)

CVE-ID
CVE-2025-22782

Patch Status
Unpatched

Published
Jan 13, 2025

Affected Software
WR Price List Manager For Woocommerce

Researcher

Kévin Mosbahi (Mika)

More Details >

W3 Total Cache <= 2.8.1 - Authenticated (Subscriber+) Missing Authorization to Server-Side Request Forgery

8.5

CVSS Rating
High (8.5)

CVE-ID
CVE-2024-12365

Patch Status
Patched

Published
Jan 13, 2025

Affected Software
W3 Total Cache

Researcher

villu164

More Details >

Background Control <= 1.0.5 - Cross-Site Request Forgery to Arbitrary File Deletion

8.1

CVSS Rating
High (8.1)

CVE-ID
CVE-2025-22784

Patch Status
Unpatched

Published
Jan 13, 2025

Affected Software
Background Control

Researcher

ardias

More Details >

NitroPack <= 1.17.0 - Missing Authorization to Authenticated (Subscriber+) Limited Options Update

8.1

CVSS Rating
High (8.1)

CVE-ID
CVE-2024-11848

Patch Status
Patched

Published
Jan 14, 2025

Affected Software
NitroPack – Caching & Speed Optimization for Core Web Vitals, Defer CSS & JS, Lazy load Images and CDN

Researcher

Sean Murphy

More Details >

Optimize Your Campaigns – Google Shopping – Google Ads – Google Adwords <= 3.1 - Unauthenticated PHP Object Injection

8.1

CVSS Rating
High (8.1)

CVE-ID
CVE-2025-23914

Patch Status
Unpatched

Published
Jan 16, 2025

Affected Software
Optimize Your Campaigns – Google Shopping – Google Ads – Google Adwords

Researcher

Le Ngoc Anh

More Details >

Store Locator for WordPress with Google Maps – LotsOfLocales <= 3.98.10 - Unauthenticated Local File Inclusion

8.1

CVSS Rating
High (8.1)

CVE-ID
CVE-2025-23422

Patch Status
Unpatched

Published
Jan 16, 2025

Affected Software
Store Locator for WordPress with Google Maps – LotsOfLocales

Researcher

tahu.datar

More Details >

XLSXviewer <= 2.1.1 - Authenticated (Subscriber+) Arbitrary File Deletion

8.1

CVSS Rating
High (8.1)

CVE-ID
CVE-2025-23562

Patch Status
Unpatched

Published
Jan 16, 2025

Affected Software
XLSXviewer

Researcher

Kévin Mosbahi (Mika)

More Details >

Advanced File Manager 5.2.12 - 5.2.13 - Authenticated (Subscriber+) Arbitrary File Upload

7.5

CVSS Rating
High (7.5)

CVE-ID
CVE-2024-13333

Patch Status
Patched

Published
Jan 16, 2025

Affected Software
Advanced File Manager — Ultimate WordPress File Manager and Document Library Plugin

Researcher

TANG Cheuk Hei (siunam)

More Details >

Course Booking System <= 6.0.6 - Unauthenticated SQL Injection

7.5

CVSS Rating
High (7.5)

CVE-ID
CVE-2025-22785

Patch Status
Patched

Published
Jan 13, 2025

Affected Software
Course Booking System

Researcher

LVT-tholv2k

More Details >

Improved Sale Badges – Free Version <= 1.0.1 - Authenticated (Subscriber+) Local File Inclusion

7.5

CVSS Rating
High (7.5)

CVE-ID
CVE-2025-23949

Patch Status
Unpatched

Published
Jan 16, 2025

Affected Software
Improved Sale Badges – Free Version

Researcher

LVT-tholv2k

More Details >

LTL Freight Quotes – Worldwide Express Edition <= 5.0.20 - Unauthenticated SQL Injection

7.5

CVSS Rating
High (7.5)

CVE-ID
CVE-2025-24664

Patch Status
Patched

Published
Jan 18, 2025

Affected Software
LTL Freight Quotes – Worldwide Express Edition

Researcher

Colin Xu

More Details >

Passwords Manager <= 1.4.8 - Missing Authorization to Authenticated (Subscriber+) Add Password + Update Encryption Key

7.5

CVSS Rating
High (7.5)

CVE-ID
CVE-2024-12614

Patch Status
Patched

Published
Jan 15, 2025

Affected Software
Passwords Manager

Researcher

Lucio Sá

More Details >

Passwords Manager <= 1.4.8 - Unauthenticated SQL Injection

7.5

CVSS Rating
High (7.5)

CVE-ID
CVE-2024-12613

Patch Status
Patched

Published
Jan 15, 2025

Affected Software
Passwords Manager

Researcher

Lucio Sá

More Details >

Popliup – WordPress Popup Plugin <= 1.1.1 - Authenticated (Subscriber+) Local File Inclusion

7.5

CVSS Rating
High (7.5)

CVE-ID
CVE-2025-23945

Patch Status
Unpatched

Published
Jan 16, 2025

Affected Software
Popliup – WordPress Popup Plugin

Researcher

LVT-tholv2k

More Details >

Small Package Quotes – Unishippers Edition <= 2.4.8 - Unauthenticated SQL Injection

7.5

CVSS Rating
High (7.5)

CVE-ID
CVE-2025-24665

Patch Status
Patched

Published
Jan 18, 2025

Affected Software
Small Package Quotes – Unishippers Edition

Researcher

Colin Xu

More Details >

Small Package Quotes – Worldwide Express Edition <= 5.2.17 - Unauthenticated SQL Injection

7.5

CVSS Rating
High (7.5)

CVE-ID
CVE-2025-24667

Patch Status
Patched

Published
Jan 18, 2025

Affected Software
Small Package Quotes – Worldwide Express Edition

Researcher

Colin Xu

More Details >

The Ultimate WordPress Toolkit – WP Extended <= 3.0.12 - Unauthenticated SQL Injection via Login Attempts Module

7.5

CVSS Rating
High (7.5)

CVE-ID
CVE-2024-13184

Patch Status
Patched

Published
Jan 17, 2025

Affected Software
The Ultimate WordPress Toolkit – WP Extended

Researchers

stealthcopter

theviper17y

More Details >

Ultimate Member <= 2.9.1 - Unauthenticated SQL Injection

7.5

CVSS Rating
High (7.5)

CVE-ID
CVE-2025-0308

Patch Status
Patched

Published
Jan 17, 2025

Affected Software
Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin

Researcher

mikemyers

More Details >

WOOEXIM – WooCommerce Export Import Plugin <= 5.0.0 - Unauthenticated PHP Object Injection

7.5

CVSS Rating
High (7.5)

CVE-ID
CVE-2025-23944

Patch Status
Unpatched

Published
Jan 16, 2025

Affected Software
WOOEXIM – WooCommerce Export Import Plugin

Researcher

João Pedro Soares de Alcântara

More Details >

WordPress Local SEO <= 2.3 - Unauthenticated SQL Injection

7.5

CVSS Rating
High (7.5)

CVE-ID
CVE-2025-23931

Patch Status
Unpatched

Published
Jan 17, 2025

Affected Software
WordPress Local SEO

Researcher

Aiden (Thái An)

More Details >

WP Cloud <= 1.4.3 - Unauthenticated Arbitrary File Read

7.5

CVSS Rating
High (7.5)

CVE-ID
CVE-2025-23819

Patch Status
Unpatched

Published
Jan 16, 2025

Affected Software
WP Cloud

Researcher

SOPROBRO

More Details >

Barcode Scanner with Inventory & Order Manager <= 1.6.7 - Authenticated (Admin+) Arbitrary File Upload

7.2

CVSS Rating
High (7.2)

CVE-ID
CVE-2025-22723

Patch Status
Patched

Published
Jan 15, 2025

Affected Software
Barcode Scanner (+Mobile App) – Inventory manager, Order fulfillment system, POS (Point of Sale)

Researcher

I8BL

More Details >

Better WishList API <= 1.1.3 - Unauthenticated Stored Cross-Site Scripting

7.2

CVSS Rating
High (7.2)

CVE-ID
CVE-2025-24641

Patch Status
Patched

Published
Jan 14, 2025

Affected Software
Better WishList API

Researcher

Kévin Mosbahi (Mika)

More Details >

GravityForms <= 2.9.1.3 - Unauthenticated Stored Cross-Site Scripting via 'alt' parameter

7.2

CVSS Rating
High (7.2)

CVE-ID
CVE-2024-13377

Patch Status
Patched

Published
Jan 16, 2025

Affected Software
Gravity Forms

Researcher

mikemyers

More Details >

REAL WordPress Sidebar <= 0.1 - Unauthenticated Stored Cross-Site Scripting

7.2

CVSS Rating
High (7.2)

CVE-ID
CVE-2025-23535

Patch Status
Unpatched

Published
Jan 16, 2025

Affected Software
REAL WordPress Sidebar

Researcher

Kévin Mosbahi (Mika)

More Details >

Social proof testimonials and reviews by Repuso <= 5.20 - Authenticated (Contributor+) Stored Cross-Site Scripting

7.2

CVSS Rating
High (7.2)

CVE-ID
CVE-2024-13351

Patch Status
Patched

Published
Jan 14, 2025

Affected Software
Social proof testimonials and reviews by Repuso

Researcher

zaim

More Details >

Sticky Button – Click to Chat <= 1.0 - Unauthenticated Stored Cross-Site Scripting

7.2

CVSS Rating
High (7.2)

CVE-ID
CVE-2025-23839

Patch Status
Unpatched

Published
Jan 16, 2025

Affected Software
Sticky Button – Click to Chat

Researcher

SOPROBRO

More Details >

Blrt WP Embed <= 1.6.9 - Reflected Cross-Site Scripting

7.1

CVSS Rating
High (7.1)

CVE-ID
CVE-2025-23507

Patch Status
Unpatched

Published
Jan 16, 2025

Affected Software
Blrt WP Embed

Researcher

Le Ngoc Anh

More Details >

Easy Filtering <= 2.5.0 - Reflected Cross-Site Scripting

7.1

CVSS Rating
High (7.1)

CVE-ID
CVE-2025-23732

Patch Status
Unpatched

Published
Jan 16, 2025

Affected Software
Easy Filtering

Researcher

João Pedro Soares de Alcântara

More Details >

Minterpress <= 1.0.5 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Content Deletion

7.1

CVSS Rating
High (7.1)

CVE-ID
CVE-2025-23529

Patch Status
Unpatched

Published
Jan 16, 2025

Affected Software
Minterpress

Researcher

Kévin Mosbahi (Mika)

More Details >

ntp-header-images <= 1.2 - Reflected Cross-Site Scripting

7.1

CVSS Rating
High (7.1)

CVE-ID
CVE-2025-23437

Patch Status
Unpatched

Published
Jan 16, 2025

Affected Software
ntp-header-images

Researcher

João Pedro Soares de Alcântara

More Details >

Database Sync <= 0.5.1 - Authenticated (Subscriber+) Sensitive Information Exposure

6.5

CVSS Rating
Medium (6.5)

CVE-ID
CVE-2025-23486

Patch Status
Unpatched

Published
Jan 16, 2025

Affected Software
Database Sync

Researcher

Kévin Mosbahi (Mika)

More Details >

Eventer <= 3.9.7 - Authenticated (Subscriber+) Arbitrary File Read

6.5

CVSS Rating
Medium (6.5)

CVE-ID
CVE-2024-10799

Patch Status
Patched

Published
Jan 16, 2025

Affected Software
Eventer - WordPress Event & Booking Manager Plugin

Researcher

Tonn

More Details >

Menus Plus+ <= 1.9.6 - Authenticated (Subscriber+) SQL Injection

6.5

CVSS Rating
Medium (6.5)

CVE-ID
CVE-2025-23910

Patch Status
Unpatched

Published
Jan 16, 2025

Affected Software
Menus Plus+

Researcher

João Pedro Soares de Alcântara

More Details >

Neon Product Designer <= 2.1.1 - Authenticated (Contributor+) SQL Injection

6.5

CVSS Rating
Medium (6.5)

CVE-ID
CVE-2025-22799

Patch Status
Unpatched

Published
Jan 13, 2025

Affected Software
Neon Product Designer

Researcher

LVT-tholv2k

More Details >

Passwords Manager <= 1.4.8 - Authenticated (Subscriber+) SQL Injection

6.5

CVSS Rating
Medium (6.5)

CVE-ID
CVE-2024-12615

Patch Status
Patched

Published
Jan 15, 2025

Affected Software
Passwords Manager

Researcher

Lucio Sá

More Details >

Sandbox <= 0.4 - Missing Authorization to Authenticated (Subscriber+) Sandbox Download

6.5

CVSS Rating
Medium (6.5)

CVE-ID
CVE-2024-13367

Patch Status
Unpatched

Published
Jan 16, 2025

Affected Software
Sandbox

Researcher

Stiofan

More Details >

Solidres – Hotel booking plugin <= 0.9.4 - Authenticated (Contributor+) SQL Injection

6.5

CVSS Rating
Medium (6.5)

CVE-ID
CVE-2025-23911

Patch Status
Unpatched

Published
Jan 16, 2025

Affected Software
Solidres – Hotel booking plugin for WordPress

Researcher

João Pedro Soares de Alcântara

More Details >

Taskbuilder <= 3.0.6 - Authenticated (Subscriber+) SQL Injection

6.5

CVSS Rating
Medium (6.5)

CVE-ID
CVE-2025-22716

Patch Status
Patched

Published
Jan 15, 2025

Affected Software
Taskbuilder – WordPress Project & Task Management plugin

Researcher

LVT-tholv2k

More Details >

WC Wallet <= 2.2.0 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Content Deletion

6.5

CVSS Rating
Medium (6.5)

CVE-ID
CVE-2025-23527

Patch Status
Unpatched

Published
Jan 16, 2025

Affected Software
WC Wallet

Researcher

Kévin Mosbahi (Mika)

More Details >

WordPress Custom Sidebar <= 2.3 - Authenticated (Contributor+) SQL Injection

6.5

CVSS Rating
Medium (6.5)

CVE-ID
CVE-2025-23912

Patch Status
Unpatched

Published
Jan 16, 2025

Affected Software
WordPress Custom Sidebar

Researcher

João Pedro Soares de Alcântara

More Details >

WordPress Google Map Professional <= 1.0 - Authenticated (Contributor+) SQL Injection

6.5

CVSS Rating
Medium (6.5)

CVE-ID
CVE-2025-23913

Patch Status
Unpatched

Published
Jan 16, 2025

Affected Software
WordPress Google Map Professional (Map In Your Language)

Researcher

João Pedro Soares de Alcântara

More Details >

Ad Blocking Detector <= 3.6.0 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2025-22732

Patch Status
Unpatched

Published
Jan 15, 2025

Affected Software
Ad Blocking Detector

Researcher

SOPROBRO

More Details >

Ajax Contact Form <= 1.4.1 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2025-22761

Patch Status
Patched

Published
Jan 14, 2025

Affected Software
Ajax Contact Form

Researcher

I8BL

More Details >

Ajax WP Query Search Filter <= 1.0.7 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2025-23926

Patch Status
Unpatched

Published
Jan 16, 2025

Affected Software
Ajax WP Query Search Filter

Researcher

SOPROBRO

More Details >

Annie <= 2.1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2025-23886

Patch Status
Unpatched

Published
Jan 16, 2025

Affected Software
Annie

Researcher

SOPROBRO

More Details >

Apply with LinkedIn buttons <= 2.3 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2025-23897

Patch Status
Unpatched

Published
Jan 16, 2025

Affected Software
Apply with LinkedIn buttons

Researcher

SOPROBRO

More Details >

Awesome WordPress Timeline Plugin <= 1.0.1 - Authenticated (Subscriber+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2025-23747

Patch Status
Unpatched

Published
Jan 16, 2025

Affected Software
Awesome WordPress Timeline Plugin

Researcher

SOPROBRO

More Details >

Blog Summary <= 0.1.2 β - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2025-23887

Patch Status
Unpatched

Published
Jan 16, 2025

Affected Software
Blog Summary

Researcher

SOPROBRO

More Details >

Bookalet <= 1.0.3 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2025-23899

Patch Status
Unpatched

Published
Jan 16, 2025

Affected Software
Bookalet

Researcher

SOPROBRO

More Details >

Booking Calendar <= 10.9.2 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting via 'booking' Shortcode

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-13323

Patch Status
Patched

Published
Jan 13, 2025

Affected Software
WP Booking Calendar

Researcher

Asaf Mozes

More Details >

Category D3 Tree <= 1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2025-23873

Patch Status
Unpatched

Published
Jan 16, 2025

Affected Software
Category D3 Tree

Researcher

SOPROBRO

More Details >

CC Circle Progress Bar <= 1.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2025-23936

Patch Status
Unpatched

Published
Jan 16, 2025

Affected Software
CC Circle Progress Bar

Researcher

SOPROBRO

More Details >

Chamber Dashboard Business Directory <= 3.3.8 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-11452

Patch Status
Patched

Published
Jan 15, 2025

Affected Software
Chamber Dashboard Business Directory

Researcher

Peter Thaleikis

More Details >

Charity-thermometer <= 1.1.2 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2025-23860

Patch Status
Unpatched

Published
Jan 16, 2025

Affected Software
Charity-thermometer

Researcher

SOPROBRO

More Details >

Checkout for PayPal <= 1.0.32 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-13398

Patch Status
Patched

Published
Jan 16, 2025

Affected Software
Checkout for PayPal

Researcher

muhammad yudha

More Details >

Chess Tempo Viewer <= 0.9.5 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2025-23868

Patch Status
Unpatched

Published
Jan 16, 2025

Affected Software
Chess Tempo Viewer

Researcher

SOPROBRO

More Details >

CoDesigner WooCommerce Builder for Elementor <= 4.8.6.3 - Authenticated (Author+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2025-22788

Patch Status
Unpatched

Published
Jan 13, 2025

Affected Software
CoDesigner – All in One Elementor WooCommerce Builder

Researcher

Robert DeVore

More Details >

Compare Ninja <= 2.1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2025-23909

Patch Status
Unpatched

Published
Jan 16, 2025

Affected Software
Compare Ninja: Create Professional Comparison Tables and Easily Add Them to Your Website

Researcher

SOPROBRO

More Details >

Daily Proverb <= 2.0.3 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2025-23859

Patch Status
Unpatched

Published
Jan 16, 2025

Affected Software
Daily Proverb

Researcher

SOPROBRO

More Details >

Demo User DZS – Showcase your admin safely <= 1.1.0 - Authenticated (Subscriber+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2025-23581

Patch Status
Unpatched

Published
Jan 16, 2025

Affected Software
Demo User DZS – Showcase your admin safely

Researcher

SOPROBRO

More Details >

DZS Ajaxer Lite – Ajaxify Your WordPress Site and Comment <= 1.04 - Authenticated (Subscriber+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2025-23579

Patch Status
Unpatched

Published
Jan 16, 2025

Affected Software
DZS Ajaxer Lite – Ajaxify Your WordPress Site and Comments

Researcher

SOPROBRO

More Details >

Easy EU Cookie law <= 1.3.3.1 - Authenticated (Subscriber+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2025-23434

Patch Status
Unpatched

Published
Jan 16, 2025

Affected Software
Easy EU Cookie law

Researcher

SOPROBRO

More Details >

Easy FAQs <= 3.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2025-23795

Patch Status
Unpatched

Published
Jan 16, 2025

Affected Software
Easy FAQs

Researcher

SOPROBRO

More Details >

Easy Portfolio <= 1.3 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2025-23796

Patch Status
Unpatched

Published
Jan 16, 2025

Affected Software
Easy Portfolio

Researcher

SOPROBRO

More Details >

Easy Shortcode Buttons <= 1.2 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2025-23825

Patch Status
Unpatched

Published
Jan 16, 2025

Affected Software
Easy Shortcode Buttons

Researcher

SOPROBRO

More Details >

Easy Tweet Embed <= 1.7 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2025-23890

Patch Status
Unpatched

Published
Jan 16, 2025

Affected Software
Easy Tweet Embed

Researcher

SOPROBRO

More Details >

Elementor AI Addons <= 2.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2025-22758

Patch Status
Unpatched

Published
Jan 14, 2025

Affected Software
Elementor Addons AI Addons – 70 Widgets, Premium Templates, Ultimate Elements

Researcher

Khalid Yusuf

More Details >

Enhanced YouTube Shortcode <= 2.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2025-23946

Patch Status
Unpatched

Published
Jan 16, 2025

Affected Software
Enhanced YouTube Shortcode

Researcher

SOPROBRO

More Details >

Event Registration Calendar By vcita <= 1.4.0 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-11870

Patch Status
Unpatched

Published
Jan 14, 2025

Affected Software
Event Registration Calendar By vcita

Researcher

muhammad yudha

More Details >

EZPlayer <= 1.0.10 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2025-23950

Patch Status
Unpatched

Published
Jan 16, 2025

Affected Software
EZPlayer

Researcher

SOPROBRO

More Details >

FAT Event Lite <= 1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2025-22718

Patch Status
Unpatched

Published
Jan 15, 2025

Affected Software
FAT Event Lite

Researcher

SOPROBRO

More Details >

Feedburner Optin Form <= 0.2.8 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2025-23925

Patch Status
Unpatched

Published
Jan 16, 2025

Affected Software
Feedburner Optin Form

Researcher

SOPROBRO

More Details >

Flexible PDF Coupons <= 1.10.2 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2025-22825

Patch Status
Patched

Published
Jan 15, 2025

Affected Software
Flexible PDF Coupons – Gift Cards & Vouchers for WooCommerce

Researcher

SavPhill (Savphill)

More Details >

FontAwesome.io ShortCodes <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2025-23824

Patch Status
Unpatched

Published
Jan 16, 2025

Affected Software
FontAwesome.io ShortCodes

Researcher

SOPROBRO

More Details >

Foundation Columns <= 0.8 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2025-22747

Patch Status
Unpatched

Published
Jan 14, 2025

Affected Software
Foundation Columns

Researcher

SOPROBRO

More Details >

Gallery and Lightbox <= 1.0.14 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2025-22797

Patch Status
Unpatched

Published
Jan 13, 2025

Affected Software
Gallery and Lightbox

Researcher

SOPROBRO

More Details >

Gallery: Hybrid – Advanced Visual Gallery <= 1.4.0.2 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2025-23951

Patch Status
Unpatched

Published
Jan 16, 2025

Affected Software
Gallery: Hybrid – Advanced Visual Gallery

Researcher

SOPROBRO

More Details >

GDPR Personal Data Reports <= 1.0.5 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2025-23777

Patch Status
Unpatched

Published
Jan 16, 2025

Affected Software
GDPR Personal Data Reports

Researcher

0xd4rk5id3

More Details >

Giveaways and Contests by PromoSimple <= 1.24 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2025-23934

Patch Status
Unpatched

Published
Jan 16, 2025

Affected Software
Giveaways and Contests by PromoSimple

Researcher

SOPROBRO

More Details >

Glofox Shortcodes <= 2.6 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-12508

Patch Status
Unpatched

Published
Jan 16, 2025

Affected Software
Glofox Shortcodes

Researcher

SOPROBRO

More Details >

GMap Shortcode <= 2.0 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2025-23893

Patch Status
Unpatched

Published
Jan 16, 2025

Affected Software
GMap Shortcode

Researcher

SOPROBRO

More Details >

GMAPS for WPBakery Page Builder Free <= 1.2 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2025-23775

Patch Status
Unpatched

Published
Jan 16, 2025

Affected Software
GMAPS for WPBakery Page Builder Free

Researcher

0xd4rk5id3

More Details >

Google Org Chart <= 1.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2025-23928

Patch Status
Unpatched

Published
Jan 16, 2025

Affected Software
Google Org Chart

Researcher

SOPROBRO

More Details >

Greek Namedays Widget From Eortologio.Net <= 20191113 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2025-23783

Patch Status
Unpatched

Published
Jan 16, 2025

Affected Software
Greek Namedays Widget From Eortologio.Net

Researcher

0xd4rk5id3

More Details >

HireHive Job Plugin <= 2.9.0 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2025-22746

Patch Status
Unpatched

Published
Jan 14, 2025

Affected Software
HireHive Job Plugin

Researcher

SOPROBRO

More Details >

Horizontal Line Shortcode <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2025-23791

Patch Status
Unpatched

Published
Jan 16, 2025

Affected Software
Horizontal Line Shortcode

Researcher

0xd4rk5id3

More Details >

HTML5 Video Player – mp4 Video Player Plugin and Block <= 2.5.35 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting via heading Parameter

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-13156

Patch Status
Patched

Published
Jan 13, 2025

Affected Software
HTML5 Video Player – mp4 Video Player Plugin and Block

Researcher

Webbernaut

More Details >

Image Switcher <= 0.1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2025-23940

Patch Status
Unpatched

Published
Jan 16, 2025

Affected Software
Image Switcher

Researcher

SOPROBRO

More Details >

Image Switcher <= 1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2025-23939

Patch Status
Unpatched

Published
Jan 16, 2025

Affected Software
Image Switcher

Researcher

SOPROBRO

More Details >

imaGenius <= 1.7 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2025-23772

Patch Status
Unpatched

Published
Jan 16, 2025

Affected Software
imaGenius

Researcher

0xd4rk5id3

More Details >

Incredible Font Awesome <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2025-23927

Patch Status
Unpatched

Published
Jan 16, 2025

Affected Software
Incredible Font Awesome

Researcher

SOPROBRO

More Details >

JB Horizontal Scroller News Ticker <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2025-23830

Patch Status
Unpatched

Published
Jan 16, 2025

Affected Software
JB Horizontal Scroller News Ticker

Researcher

SOPROBRO

More Details >

Jet Engine <= 3.6.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via list_tag Parameter

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2025-0369

Patch Status
Patched

Published
Jan 17, 2025

Affected Software
JetEngine

Researcher

stealthcopter

More Details >

JSM Screenshot Machine Shortcode <= 2.3.0 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-13385

Patch Status
Patched

Published
Jan 17, 2025

Affected Software
JSM Screenshot Machine Shortcode

Researcher

SOPROBRO

More Details >

Kopa Nictitate Toolkit <= 1.0.2 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2025-23965

Patch Status
Unpatched

Published
Jan 16, 2025

Affected Software
Kopa Nictitate Toolkit

Researcher

theviper17y

More Details >

Links/Problem Reporter <= 2.6.0 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2025-23833

Patch Status
Unpatched

Published
Jan 16, 2025

Affected Software
Links/Problem Reporter

Researcher

SOPROBRO

More Details >

Magic Google Maps <= 1.0.4 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2025-23935

Patch Status
Unpatched

Published
Jan 16, 2025

Affected Software
Magic Google Maps

Researcher

SOPROBRO

More Details >

MailChimp Subscribe Forms <= 4.1 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2025-22727

Patch Status
Patched

Published
Jan 15, 2025

Affected Software
MailChimp Subscribe Form, Optin Builder, PopUp Builder, Form Builder

Researcher

Peter Thaleikis

More Details >

Marmoset Viewer <= 1.9.3 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2025-23767

Patch Status
Unpatched

Published
Jan 16, 2025

Affected Software
Marmoset Viewer

Researcher

0xd4rk5id3

More Details >

MeinTurnierplan.de Widget Viewer <= 1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2025-23941

Patch Status
Unpatched

Published
Jan 16, 2025

Affected Software
MeinTurnierplan.de Widget Viewer

Researcher

SOPROBRO

More Details >

Metaphor Widgets <= 2.4 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2025-23816

Patch Status
Unpatched

Published
Jan 16, 2025

Affected Software
Metaphor Widgets

Researcher

SOPROBRO

More Details >

MicroPayments – Fans Paysite: Paid Creator Subscriptions, Digital Assets, Tokens Wallet <= 2.9.29 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-13391

Patch Status
Patched

Published
Jan 17, 2025

Affected Software
MicroPayments – Fans Paysite: Paid Creator Subscriptions, Digital Assets, Wallet

Researcher

SOPROBRO

More Details >

Mindmeister Shortcode <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2025-23896

Patch Status
Unpatched

Published
Jan 16, 2025

Affected Software
Mindmeister Shortcode

Researcher

SOPROBRO

More Details >

MLL Audio Player MP3 Ajax <= 0.7 - Authenticated (Subscriber+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2025-23561

Patch Status
Unpatched

Published
Jan 16, 2025

Affected Software
MLL Audio Player MP3 Ajax

Researcher

Kévin Mosbahi (Mika)

More Details >

Multifox <= 1.3.7 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2025-22769

Patch Status
Unpatched

Published
Jan 14, 2025

Affected Software
Multifox

Researcher

stealthcopter

More Details >

MyBookProgress by Stormhill Media <= 1.0.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via book Parameter

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-12598

Patch Status
Unpatched

Published
Jan 16, 2025

Affected Software
MyBookProgress by Stormhill Media

Researcher

SOPROBRO

More Details >

Nativery <= 0.1.6 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2025-22781

Patch Status
Unpatched

Published
Jan 14, 2025

Affected Software
Nativery Plugin

Researcher

SOPROBRO

More Details >

Navigation Du Lapin Blanc <= 1.1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2025-22745

Patch Status
Unpatched

Published
Jan 14, 2025

Affected Software
Navigation Du Lapin Blanc

Researcher

SOPROBRO

More Details >

Nite Shortcodes <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2025-23877

Patch Status
Unpatched

Published
Jan 16, 2025

Affected Software
Nite Shortcodes

Researcher

SOPROBRO

More Details >

Online Payments – Get Paid with PayPal, Square & Stripe <= 3.20.0 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2025-22661

Patch Status
Patched

Published
Jan 15, 2025

Affected Software
Online Payments – Get Paid with PayPal, Square & Stripe

Researcher

0xd4rk5id3

More Details >

Page Builder by SiteOrigin <= 2.31.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Row Label Parameter

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-12240

Patch Status
Patched

Published
Jan 13, 2025

Affected Software
Page Builder by SiteOrigin

Researcher

zer0gh0st

More Details >

Pastebin <= 1.5 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2025-23908

Patch Status
Unpatched

Published
Jan 16, 2025

Affected Software
Pastebin

Researcher

SOPROBRO

More Details >

Payment Button for PayPal <= 1.2.3.35 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-13401

Patch Status
Patched

Published
Jan 16, 2025

Affected Software
Payment Button for PayPal

Researcher

muhammad yudha

More Details >

PDF for WPForms + Drag and Drop Template Builder <= 4.6.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via yeepdf_dotab Shortcode

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-12593

Patch Status
Patched

Published
Jan 14, 2025

Affected Software
PDF for WPForms + Drag and Drop Template Builder

Researcher

SOPROBRO

More Details >

PDF.js Shortcode <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2025-23943

Patch Status
Unpatched

Published
Jan 16, 2025

Affected Software
PDF.js Shortcode

Researcher

SOPROBRO

More Details >

Picture Gallery – Frontend Image Uploads, AJAX Photo List <= 1.5.22 - Authenticated (Contributor+) Stored Cross-Site Scripting via videowhisper_picture_upload_guest Shortcode

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-12696

Patch Status
Patched

Published
Jan 17, 2025

Affected Software
Picture Gallery – Frontend Image Uploads, AJAX Photo List

Researcher

SOPROBRO

More Details >

Post and Page Builder by BoldGrid – Visual Drag and Drop Editor <= 1.27.5 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2025-22759

Patch Status
Patched

Published
Jan 14, 2025

Affected Software
Post and Page Builder by BoldGrid – Visual Drag and Drop Editor

Researcher

João Pedro Soares de Alcântara

More Details >

Post Grid and Gutenberg Blocks <= 2.2.92 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-9645

Patch Status
Patched

Published
Jan 14, 2025

Affected Software
Post Grid By PickPlugins

Researcher

Dmitrii Ignatyev

More Details >

Powie's pLinks PagePeeker <= 1.0.2 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2025-23641

Patch Status
Unpatched

Published
Jan 16, 2025

Affected Software
Powie's pLinks PagePeeker

Researcher

SOPROBRO

More Details >

Product Carousel For WooCommerce – WoorouSell <= 1.1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2025-22724

Patch Status
Patched

Published
Jan 14, 2025

Affected Software
Product Carousel For WooCommerce – WoorouSell

Researcher

SOPROBRO

More Details >

Progress Tracker <= 0.9.3 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2025-23892

Patch Status
Unpatched

Published
Jan 16, 2025

Affected Software
Progress Tracker

Researcher

SOPROBRO

More Details >

QR Code Generator <= 1.2.6 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2025-23831

Patch Status
Unpatched

Published
Jan 16, 2025

Affected Software
QR Code Generator

Researcher

SOPROBRO

More Details >

quote-posttype-plugin <= 1.2.2 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-13386

Patch Status
Unpatched

Published
Jan 16, 2025

Affected Software
quote-posttype-plugin

Researcher

SOPROBRO

More Details >

QuoteMedia Tools <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2025-23644

Patch Status
Unpatched

Published
Jan 16, 2025

Affected Software
QuoteMedia Tools

Researcher

SOPROBRO

More Details >

Rate Star Review Vote – AJAX Reviews, Votes, Star Ratings <= 1.6.3 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-13392

Patch Status
Patched

Published
Jan 17, 2025

Affected Software
Rate Star Review Vote – AJAX Reviews, Votes, Star Ratings

Researcher

SOPROBRO

More Details >

Responsive jQuery Slider <= 1.1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2025-22798

Patch Status
Unpatched

Published
Jan 13, 2025

Affected Software
Responsive jQuery Slider

Researcher

SOPROBRO

More Details >

Rollover Tab <= 1.3.2 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2025-23863

Patch Status
Unpatched

Published
Jan 16, 2025

Affected Software
Rollover Tab

Researcher

SOPROBRO

More Details >

RSVP ME <= 1.9.9 - Authenticated (Subscriber+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2025-23480

Patch Status
Unpatched

Published
Jan 16, 2025

Affected Software
RSVP ME

Researcher

SOPROBRO

More Details >

S-DEV SEO <= 1.88 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2025-22744

Patch Status
Unpatched

Published
Jan 14, 2025

Affected Software
S-DEV SEO

Researcher

SOPROBRO

More Details >

Scroll Top Advanced <= 2.5 - Authenticated (Subscriber+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2025-23444

Patch Status
Unpatched

Published
Jan 16, 2025

Affected Software
Scroll Top Advanced – Scroll to ID or Class

Researcher

SOPROBRO

More Details >

SetMore Theme – Custom Post Types <= 1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2025-22748

Patch Status
Unpatched

Published
Jan 14, 2025

Affected Software
SetMore Theme – Custom Post Types

Researcher

SOPROBRO

More Details >

Sidebar-Content from Shortcode <= 2.0 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2025-23642

Patch Status
Unpatched

Published
Jan 16, 2025

Affected Software
Sidebar-Content from Shortcode

Researcher

SOPROBRO

More Details >

Simple Vertical Timeline <= 0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2025-23856

Patch Status
Unpatched

Published
Jan 16, 2025

Affected Software
Simple Vertical Timeline

Researcher

SOPROBRO

More Details >

Social Media Engine <= 1.0.2 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2025-22749

Patch Status
Unpatched

Published
Jan 14, 2025

Affected Software
Social Media Engine

Researcher

SOPROBRO

More Details >

SOCIAL.NINJA <= 0.2 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2025-23907

Patch Status
Unpatched

Published
Jan 16, 2025

Affected Software
SOCIAL.NINJA

Researcher

SOPROBRO

More Details >

Spiderpowa Embed PDF <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2025-23807

Patch Status
Unpatched

Published
Jan 16, 2025

Affected Software
Spiderpowa Embed PDF

Researcher

SOPROBRO

More Details >

Top Flash Embed <= 0.3.4 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2025-23841

Patch Status
Unpatched

Published
Jan 16, 2025

Affected Software
Top Flash Embed

Researcher

SOPROBRO

More Details >

Twitter Bootstrap Collapse aka Accordian Shortcode <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2025-22743

Patch Status
Unpatched

Published
Jan 14, 2025

Affected Software
Twitter Bootstrap Collapse aka Accordian Shortcode

Researcher

SOPROBRO

More Details >

Utilities for MTG <= 1.4.1 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-13433

Patch Status
Unpatched

Published
Jan 17, 2025

Affected Software
Utilities for MTG

Researcher

SOPROBRO

More Details >

Video Share VOD – Turnkey Video Site Builder Script <= 2.6.31 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-13393

Patch Status
Patched

Published
Jan 17, 2025

Affected Software
Video Share VOD – Turnkey Video Site Builder Script

Researcher

SOPROBRO

More Details >

ViewMedica 9 <= 1.4.15 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-13394

Patch Status
Unpatched

Published
Jan 14, 2025

Affected Software
ViewMedica 9

Researcher

zakaria

More Details >

WCS QR Code Generator <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2025-23864

Patch Status
Unpatched

Published
Jan 16, 2025

Affected Software
WCS QR Code Generator

Researcher

SOPROBRO

More Details >

Weaver Themes Shortcode Compatibility <= 1.0.4 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2025-22267

Patch Status
Unpatched

Published
Jan 18, 2025

Affected Software
Weaver Themes Shortcode Compatibility

Researcher

0xd4rk5id3

More Details >

Winning Portfolio <= 1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2025-23865

Patch Status
Unpatched

Published
Jan 16, 2025

Affected Software
Winning Portfolio

Researcher

SOPROBRO

More Details >

Woo Update Variations In Cart <= 0.0.9 - Authenticated (Subscriber+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2025-23829

Patch Status
Unpatched

Published
Jan 16, 2025

Affected Software
Woo Update Variations In Cart

Researcher

SOPROBRO

More Details >

WP krpano <= 1.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2025-23876

Patch Status
Unpatched

Published
Jan 16, 2025

Affected Software
WP krpano

Researcher

SOPROBRO

More Details >

WP Photo Sphere <= 3.8 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2025-23924

Patch Status
Unpatched

Published
Jan 16, 2025

Affected Software
WP Photo Sphere

Researcher

Peter Thaleikis

More Details >

WP Responsive Tabs <= 1.2.9 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-13387

Patch Status
Patched

Published
Jan 15, 2025

Affected Software
WP Responsive Tabs

Researcher

SOPROBRO

More Details >

WP Smart Tooltip <= 1.0.0 - Authenticated (Subscriber+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2025-23669

Patch Status
Unpatched

Published
Jan 16, 2025

Affected Software
WP Smart Tooltip

Researcher

SOPROBRO

More Details >

WP Smart TV <= 2.1.8 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-12818

Patch Status
Patched

Published
Jan 14, 2025

Affected Software
WP Smart TV

Researcher

SOPROBRO

More Details >

WP ViewSTL <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2025-22742

Patch Status
Unpatched

Published
Jan 14, 2025

Affected Software
WP ViewSTL

Researcher

SOPROBRO

More Details >

wp_amaps <= 1.7 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2025-23794

Patch Status
Unpatched

Published
Jan 16, 2025

Affected Software
wp_amaps

Researcher

0xd4rk5id3

More Details >

wp-pano <= 1.17 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2025-22780

Patch Status
Unpatched

Published
Jan 14, 2025

Affected Software
wp-pano

Researcher

zaim

More Details >

WP-Player <= 2.6.1 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2025-23947

Patch Status
Unpatched

Published
Jan 16, 2025

Affected Software
WP-Player

Researcher

SOPROBRO

More Details >

WP-Revive Adserver <= 2.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2025-23802

Patch Status
Unpatched

Published
Jan 16, 2025

Affected Software
WP-Revive Adserver

Researcher

0xd4rk5id3

More Details >

WpF Ultimate Carousel <= 1.0.11 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2025-23933

Patch Status
Unpatched

Published
Jan 16, 2025

Affected Software
WpF Ultimate Carousel

Researcher

SOPROBRO

More Details >

Yet Another Countdown <= 1.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2025-23891

Patch Status
Unpatched

Published
Jan 16, 2025

Affected Software
Yet Another Countdown Plugin

Researcher

SOPROBRO

More Details >

radSLIDE <= 2.1 - Missing Authorization

6.3

CVSS Rating
Medium (6.3)

CVE-ID
CVE-2025-23440

Patch Status
Unpatched

Published
Jan 16, 2025

Affected Software
radSLIDE

Researcher

SOPROBRO

More Details >

.TUBE Video Curator <= 1.1.9 - Reflected Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2025-23799

Patch Status
Unpatched

Published
Jan 16, 2025

Affected Software
.TUBE Video Curator

Researcher

0xd4rk5id3

More Details >

Accessibility Task Manager <= 1.2.1 - Reflected Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2025-23725

Patch Status
Unpatched

Published
Jan 16, 2025

Affected Software
Accessibility Task Manager

Researcher

João Pedro Soares de Alcântara

More Details >

Add custom content after post <= 1.0 - Reflected Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2025-23652

Patch Status
Unpatched

Published
Jan 16, 2025

Affected Software
Add custom content after post

Researcher

SOPROBRO

More Details >

add custom google tag manager <= 1.0.3 - Cross-Site Request Forgery to Stored Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2025-23537

Patch Status
Unpatched

Published
Jan 16, 2025

Affected Software
add custom google tag manager

Researcher

SOPROBRO

More Details >

Add RSS <= 1.5 - Cross-Site Request Forgery to Stored Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2025-23895

Patch Status
Unpatched

Published
Jan 16, 2025

Affected Software
Add RSS

Researcher

SOPROBRO

More Details >

Admin Cleanup <= 1.0.2 - Cross-Site Request Forgery to Stored Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2025-23832

Patch Status
Unpatched

Published
Jan 16, 2025

Affected Software
Admin Cleanup

Researcher

SOPROBRO

More Details >

Admin Menu Organizer <= 1.0.1 - Reflected Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2025-23686

Patch Status
Unpatched

Published
Jan 16, 2025

Affected Software
Admin Menu Organizer

Researcher

Zlrqh

More Details >

Admin Options Pages <= 0.9.7 - Reflected Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2025-23905

Patch Status
Unpatched

Published
Jan 16, 2025

Affected Software
Admin Options Pages

Researcher

Dimas Maulana

More Details >

AdsMiddle <= 1.0 - Reflected Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2025-23648

Patch Status
Unpatched

Published
Jan 16, 2025

Affected Software
AdsMiddle

Researcher

SOPROBRO

More Details >

Advanced Angular Contact Form <= 1.1.0 - Reflected Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2025-23658

Patch Status
Unpatched

Published
Jan 16, 2025

Affected Software
Advanced Angular Contact Form

Researcher

João Pedro Soares de Alcântara

More Details >

Affiliate Tools Việt Nam <= 0.3.17 - Reflected Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2025-23759

Patch Status
Unpatched

Published
Jan 16, 2025

Affected Software
Affiliate Tools Việt Nam

Researcher

João Pedro Soares de Alcântara

More Details >

Age Verification for your checkout page. Verify your customer's identity <= 1.20.0 - Reflected Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2025-22622

Patch Status
Unpatched

Published
Jan 18, 2025

Affected Software
Age Verification for your checkout page. Verify your customer's identity

Researcher

Andres Roldan

More Details >

all-in-one-box-login <= 2.0.1 - Reflected Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2025-23587

Patch Status
Unpatched

Published
Jan 16, 2025

Affected Software
all-in-one-box-login

Researcher

João Pedro Soares de Alcântara

More Details >

AlT Report <= 1.12.0 - Reflected Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2025-23432

Patch Status
Unpatched

Published
Jan 16, 2025

Affected Software
AlT Report

Researcher

Le Ngoc Anh

More Details >

Altima Lookbook Free for WooCommerce <= 1.1.0 - Refletced Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2025-23429

Patch Status
Unpatched

Published
Jan 16, 2025

Affected Software
Altima Lookbook Free for WooCommerce

Researcher

Le Ngoc Anh

More Details >

Amber <= 1.4.4 - Reflected Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2025-22754

Patch Status
Unpatched

Published
Jan 14, 2025

Affected Software
Amber

Researcher

0xd4rk5id3

More Details >

amr personalise <= 2.10 - Cross-Site Request Forgery to Stored Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2025-23880

Patch Status
Unpatched

Published
Jan 16, 2025

Affected Software
amr personalise

Researcher

SOPROBRO

More Details >

Annie <= 2.1.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2025-23884

Patch Status
Unpatched

Published
Jan 16, 2025

Affected Software
Annie

Researcher

SOPROBRO

More Details >

Anonymize Links <= 1.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2025-23702

Patch Status
Unpatched

Published
Jan 16, 2025

Affected Software
Anonymize Links

Researcher(s): Unknown

More Details >

ApplicantPro <= 1.3.9 - Reflected Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2025-23920

Patch Status
Unpatched

Published
Jan 16, 2025

Affected Software
ApplicantPro

Researcher

0xd4rk5id3

More Details >

Apply with LinkedIn buttons <= 2.3 - Cross-Site Request Forgery to Stored Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2025-23898

Patch Status
Unpatched

Published
Jan 16, 2025

Affected Software
Apply with LinkedIn buttons

Researcher

SOPROBRO

More Details >

Attach Gallery Posts <= 1.6 - Reflected Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2025-23441

Patch Status
Unpatched

Published
Jan 16, 2025

Affected Software
Attach Gallery Posts

Researcher

Le Ngoc Anh

More Details >

Auphonic Importer <= 1.5.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2025-23649

Patch Status
Unpatched

Published
Jan 16, 2025

Affected Software
Auphonic Importer

Researcher

SOPROBRO

More Details >

Auto FTP <= 1.0.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2025-23793

Patch Status
Unpatched

Published
Jan 16, 2025

Affected Software
Auto FTP

Researcher

SOPROBRO

More Details >

AW WooCommerce Kode Pembayaran <= 1.1.4 - Reflected Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2025-23450

Patch Status
Unpatched

Published
Jan 16, 2025

Affected Software
AW WooCommerce Kode Pembayaran

Researcher

Le Ngoc Anh

More Details >

Awesome Hooks <= 1.0.1 - Reflected Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2025-23539

Patch Status
Unpatched

Published
Jan 16, 2025

Affected Software
Awesome Hooks

Researcher

Kévin Mosbahi (Mika)

More Details >

Awesome Twitter Feeds <= 1.0 - Reflected Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2025-23451

Patch Status
Unpatched

Published
Jan 16, 2025

Affected Software
Awesome Twitter Feeds

Researcher

Le Ngoc Anh

More Details >

AZ Content Finder <= 0.1 - Reflected Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2025-23727

Patch Status
Unpatched

Published
Jan 17, 2025

Affected Software
AZ Content Finder

Researcher

João Pedro Soares de Alcântara

More Details >

azurecurve Floating Featured <= 2.2.0 - Reflected Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2025-23482

Patch Status
Unpatched

Published
Jan 16, 2025

Affected Software
azurecurve Floating Featured Image

Researcher

thiennv

More Details >

Banner Garden Plugin for WordPress <= 0.1.3 - Reflected Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2025-0368

Patch Status
Unpatched

Published
Jan 14, 2025

Affected Software
Banner Garden Plugin for WordPress

Researcher

Hassan Khan Yusufzai - Splint3r7

More Details >

Bauernregeln <= 1.0.1 - Reflected Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2025-23838

Patch Status
Unpatched

Published
Jan 16, 2025

Affected Software
Bauernregeln

Researcher

0xd4rk5id3

More Details >

Better Protected Pages <= 1.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2025-23875

Patch Status
Unpatched

Published
Jan 16, 2025

Affected Software
Better Protected Pages

Researcher

SOPROBRO

More Details >

Bible Embed <= 0.0.4 - Cross-Site Request Forgery to Stored Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2025-23513

Patch Status
Unpatched

Published
Jan 16, 2025

Affected Software
Bible Embed

Researcher

SOPROBRO

More Details >

Bit.ly linker <= 1.1 - Reflected Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2025-23674

Patch Status
Unpatched

Published
Jan 16, 2025

Affected Software
Bit.ly linker

Researcher

SOPROBRO

More Details >

BizLibrary <= 1.1 - Reflected Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2025-23580

Patch Status
Unpatched

Published
Jan 16, 2025

Affected Software
BizLibrary

Researcher

João Pedro Soares de Alcântara

More Details >

Block Collection for You – WP Block Pack <= 1.1.6 - Reflected Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2025-23874

Patch Status
Unpatched

Published
Jan 16, 2025

Affected Software
Block Collection for You – WP Block Pack

Researcher

SOPROBRO

More Details >

Blogger Image Import 2.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2025-23689

Patch Status
Unpatched

Published
Jan 16, 2025

Affected Software
Blogger Image Import

Researcher

ardias

More Details >

blu Logistics <= 1.0.0 - Reflected Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2025-23591

Patch Status
Unpatched

Published
Jan 16, 2025

Affected Software
blu Logistics

Researcher

João Pedro Soares de Alcântara

More Details >

Blue Wrench Video Widget <= 2.1.0 - Reflected Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2025-23809

Patch Status
Unpatched

Published
Jan 16, 2025

Affected Software
Blue Wrench Video Widget

Researcher

0xd4rk5id3

More Details >

Board Election <= 1.0.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2025-23499

Patch Status
Unpatched

Published
Jan 16, 2025

Affected Software
Board Election

Researcher

SOPROBRO

More Details >

Bold pagos en linea <= 3.1.4 - Reflected Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2025-22793

Patch Status
Patched

Published
Jan 13, 2025

Affected Software
Bold pagos en linea

Researcher

Parasimpaticki

More Details >

Book a Place <= 0.7.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2025-23690

Patch Status
Unpatched

Published
Jan 16, 2025

Affected Software
Book a Place

Researcher

ardias

More Details >

Brizy Pro <= 2.6.1 - Reflected Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2025-22763

Patch Status
Unpatched

Published
Jan 14, 2025

Affected Software
Brizy Pro

Researcher

Rafie Muhammad

More Details >

Browser-Update-Notify <= 0.2.1 - Reflected Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2025-23490

Patch Status
Unpatched

Published
Jan 16, 2025

Affected Software
Browser-Update-Notify

Researcher

SOPROBRO

More Details >

Bulk Categories Assign <= 1.0 - Reflected Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2025-23582

Patch Status
Unpatched

Published
Jan 16, 2025

Affected Software
Bulk Categories Assign

Researcher

João Pedro Soares de Alcântara

More Details >

Calendi <= 1.1.1 - Reflected Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2025-23606

Patch Status
Unpatched

Published
Jan 16, 2025

Affected Software
Calendi

Researcher

Le Ngoc Anh

More Details >

Call me Now <= 1.0.5 - Cross-Site Request Forgery

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2025-23745

Patch Status
Unpatched

Published
Jan 16, 2025

Affected Software
WordPress Call me Now

Researcher

SOPROBRO

More Details >

Call To Action <= 1.0.2 - Reflected Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2025-23605

Patch Status
Unpatched

Published
Jan 16, 2025

Affected Software
Call To Action Popup

Researcher

Le Ngoc Anh

More Details >

CAMOO SMS <= 3.0.1 - Reflected Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2025-23607

Patch Status
Unpatched

Published
Jan 16, 2025

Affected Software
CAMOO SMS

Researcher

Le Ngoc Anh

More Details >

Canalplan <= 5.31 - Reflected Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2025-23616

Patch Status
Unpatched

Published
Jan 16, 2025

Affected Software
Canalplan

Researcher

Le Ngoc Anh

More Details >

Captchelfie – Captcha by Selfie <= 1.0.7 - Reflected Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2025-23620

Patch Status
Unpatched

Published
Jan 16, 2025

Affected Software
Captchelfie – Captcha by Selfie

Researcher

Le Ngoc Anh

More Details >

Car Demon <= 1.8.1 - Reflected Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2024-13334

Patch Status
Unpatched

Published
Jan 14, 2025

Affected Software
Car Demon

Researchers

Nathaniel Oh (Calysteon)

Victor Haugen (ChocoTaco)

More Details >

CarZine <= 1.4.6 - Reflected Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2025-23981

Patch Status
Unpatched

Published
Jan 18, 2025

Affected Software
CarZine

Researcher

akas wisnu aji

More Details >

Catalog Importer, Scraper & Crawler <= 5.1.3 - Reflected Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2025-22775

Patch Status
Patched

Published
Jan 14, 2025

Affected Software
Catalog Importer, Scraper & Crawler

Researcher

Le Ngoc Anh

More Details >

Catch Duplicate Switcher <= 2.0 - Reflected Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2025-23619

Patch Status
Unpatched

Published
Jan 16, 2025

Affected Software
Catch Duplicate Switcher

Researcher

Le Ngoc Anh

More Details >

Category Custom Fields <= 1.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2025-23822

Patch Status
Unpatched

Published
Jan 16, 2025

Affected Software
Category Custom Fields

Researcher

SOPROBRO

More Details >

Causes – Donation Plugin <= 1.0.01 - Reflected Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2025-23621

Patch Status
Unpatched

Published
Jan 16, 2025

Affected Software
Causes – Donation Plugin

Researcher

Le Ngoc Anh

More Details >

CBX Accounting & Bookkeeping <= 1.3.14 - Reflected Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2025-23622

Patch Status
Unpatched

Published
Jan 16, 2025

Affected Software
CBX Accounting & Bookkeeping

Researcher

Le Ngoc Anh

More Details >

CGD Arrange Terms <= 1.1.3 - Reflected Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2025-23752

Patch Status
Unpatched

Published
Jan 16, 2025

Affected Software
CGD Arrange Terms

Researcher

Kévin Mosbahi (Mika)

More Details >

ChatGPT Open AI Images & Content for WooCommerce <= 2.2.0 - Reflected Cross-Site Scipting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2025-23668

Patch Status
Unpatched

Published
Jan 16, 2025

Affected Software
ChatGPT Open AI Images & Content for WooCommerce

Researcher

João Pedro Soares de Alcântara

More Details >

Chatter <= 1.0.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2025-23760

Patch Status
Unpatched

Published
Jan 16, 2025

Affected Software
Chatter

Researcher

Kévin Mosbahi (Mika)

More Details >

CJ Custom Content <= 2.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2025-23869

Patch Status
Unpatched

Published
Jan 16, 2025

Affected Software
CJ Custom Content

Researcher

SOPROBRO

More Details >

ClickBank Storefront WordPress Plugin <= 1.7 - Reflected Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2025-23524

Patch Status
Unpatched

Published
Jan 16, 2025

Affected Software
ClickBank Storefront WordPress Plugin

Researcher

João Pedro Soares de Alcântara

More Details >

CMC MIGRATE <= 0.0.3 - Reflected Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2025-23746

Patch Status
Unpatched

Published
Jan 16, 2025

Affected Software
CMC MIGRATE

Researcher

João Pedro Soares de Alcântara

More Details >

CNZZ&51LA for WordPress <= 1.0.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2025-23823

Patch Status
Unpatched

Published
Jan 16, 2025

Affected Software
CNZZ&51LA for WordPress

Researcher

SOPROBRO

More Details >

Cobwebo URL Plugin <= 1.0 - Reflected Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2025-23688

Patch Status
Unpatched

Published
Jan 16, 2025

Affected Software
Cobwebo URL Plugin

Researcher

João Pedro Soares de Alcântara

More Details >

CodeBard Help Desk <= 1.1.2 - Reflected Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2025-22760

Patch Status
Unpatched

Published
Jan 14, 2025

Affected Software
CodeBard Help Desk

Researcher

hunter85

More Details >

Comment-Emailer <= 1.0.5 - Cross-Site Request Forgery to Stored Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2025-23627

Patch Status
Unpatched

Published
Jan 16, 2025

Affected Software
Comment-Emailer

Researcher

SOPROBRO

More Details >

ComparePress <= 2.0.8 - Reflected Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2025-23726

Patch Status
Unpatched

Published
Jan 16, 2025

Affected Software
ComparePress

Researcher

Le Ngoc Anh

More Details >

Contact Form 7 – CCAvenue Add-on <= 1.0 - Reflected Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2025-23623

Patch Status
Unpatched

Published
Jan 16, 2025

Affected Software
Contact Form 7 – CCAvenue Add-on

Researcher

Le Ngoc Anh

More Details >

Contact Form 7 – Paystack Add-on <= 1.2.3 - Reflected Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2025-23655

Patch Status
Unpatched

Published
Jan 16, 2025

Affected Software
Contact Form 7 – Paystack Add-on

Researcher

Le Ngoc Anh

More Details >

Contact Form 7 Redirect & Thank You Page <= 1.0.7 - Reflected Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2024-12423

Patch Status
Patched

Published
Jan 14, 2025

Affected Software
Contact Form 7 Redirect & Thank You Page

Researcher

vgo0

More Details >

Contact Form 7 Round Robin Lead Distribution <= 1.2.1 - Reflected Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2025-23812

Patch Status
Unpatched

Published
Jan 16, 2025

Affected Software
Contact Form 7 Round Robin Lead Distribution

Researcher

0xd4rk5id3

More Details >

Contact Form With Shortcode <= 4.2.5 - Reflected Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2025-24564

Patch Status
Patched

Published
Jan 15, 2025

Affected Software
Contact Form With Shortcode

Researcher

Le Ngoc Anh

More Details >

Content Mirror <= 1.2 - Reflected Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2025-23769

Patch Status
Unpatched

Published
Jan 16, 2025

Affected Software
Content Mirror

Researcher

João Pedro Soares de Alcântara

More Details >

Content Planner <= 1.0 - Reflected Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2025-23631

Patch Status
Unpatched

Published
Jan 16, 2025

Affected Software
Content Planner

Researcher

João Pedro Soares de Alcântara

More Details >

Content Security Policy Pro <= 1.3.5 - Cross-Site Request Forgery to Stored Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2025-23820

Patch Status
Unpatched

Published
Jan 16, 2025

Affected Software
Content Security Policy Pro

Researcher

SOPROBRO

More Details >

ContentOptin Lite – WP Content Upgrade Plugin <= 1.1 - Reflected Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2025-23589

Patch Status
Unpatched

Published
Jan 16, 2025

Affected Software
ContentOptin Lite – WP Content Upgrade Plugin

Researcher

João Pedro Soares de Alcântara

More Details >

Contexto <= 1.0 - Reflected Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2025-23663

Patch Status
Unpatched

Published
Jan 16, 2025

Affected Software
Contexto

Researcher

João Pedro Soares de Alcântara

More Details >

Cookie Consent & Autoblock for GDPR/CCPA <= 1.0.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2025-23501

Patch Status
Unpatched

Published
Jan 16, 2025

Affected Software
Cookie Consent & Autoblock for GDPR/CCPA

Researcher

SOPROBRO

More Details >

Copyright Safeguard Footer Notice <= 3.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2025-23870

Patch Status
Unpatched

Published
Jan 16, 2025

Affected Software
Copyright Safeguard Footer Notice

Researcher

SOPROBRO

More Details >

Coronavirus (COVID-19) Outbreak Data Widgets <= 1.1.1 - Reflected Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2025-23851

Patch Status
Unpatched

Published
Jan 16, 2025

Affected Software
Coronavirus (COVID-19) Outbreak Data Widgets

Researcher

João Pedro Soares de Alcântara

More Details >

CRUDLab Like Box <= 2.0.9 - Reflected Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2025-23814

Patch Status
Unpatched

Published
Jan 16, 2025

Affected Software
CRUDLab Like Box

Researcher

0xd4rk5id3

More Details >

CtyGrid Hyp3rL0cal Search WordPress Plugin <= 0.1.1.1 - Reflected Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2025-23695

Patch Status
Unpatched

Published
Jan 16, 2025

Affected Software
CtyGrid Hyp3rL0cal Search WordPress Plugin

Researcher

João Pedro Soares de Alcântara

More Details >

CubePM <= 1.0 - Reflected Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2025-23574

Patch Status
Unpatched

Published
Jan 16, 2025

Affected Software
CubePM

Researcher

João Pedro Soares de Alcântara

More Details >

Curated Search <= 1.2 - Cross-Site Request Forgery to Stored Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2025-23502

Patch Status
Unpatched

Published
Jan 16, 2025

Affected Software
Curated Search

Researcher

SOPROBRO

More Details >

Custom Coming Soon <= 2.2 - Reflected Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2025-23836

Patch Status
Unpatched

Published
Jan 16, 2025

Affected Software
Custom Coming Soon

Researcher

0xd4rk5id3

More Details >

Custom CSS Addons <= 1.9.1 - Reflected Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2025-23578

Patch Status
Unpatched

Published
Jan 16, 2025

Affected Software
Custom CSS Addons

Researcher

SOPROBRO

More Details >

Custom List Table Example <= 1.4.1 - Cross-Site Request Forgery to Reflected Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2025-23808

Patch Status
Unpatched

Published
Jan 16, 2025

Affected Software
Custom List Table Example

Researcher

0xd4rk5id3

More Details >

Custom Page Extensions <= 0.6 - Reflected Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2025-23888

Patch Status
Unpatched

Published
Jan 16, 2025

Affected Software
Custom Page Extensions

Researcher

João Pedro Soares de Alcântara

More Details >

Custom Post <= 1.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2025-23566

Patch Status
Unpatched

Published
Jan 16, 2025

Affected Software
Custom Post

Researcher

SOPROBRO

More Details >

Custom Widget Classes <= 1.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2025-23844

Patch Status
Unpatched

Published
Jan 16, 2025

Affected Software
Custom Widget Classes

Researcher

SOPROBRO

More Details >

Custom Widget Creator <= 1.0.5 - Reflected Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2025-23750

Patch Status
Unpatched

Published
Jan 16, 2025

Affected Software
Custom Widget Creator

Researcher

Le Ngoc Anh

More Details >

Custom WP Store Locator <= 1.4.7 - Reflected Cross-Site SCripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2025-24676

Patch Status
Patched

Published
Jan 15, 2025

Affected Software
Custom WP Store Locator

Researcher

0xd4rk5id3

More Details >

Customizable Captcha and Contact Us <= 1.0.2 - Reflected Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2025-23503

Patch Status
Unpatched

Published
Jan 16, 2025

Affected Software
Customizable Captcha and Contact us

Researcher

João Pedro Soares de Alcântara

More Details >

Cyber Slider <= 1.1 - Reflected Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2025-23630

Patch Status
Unpatched

Published
Jan 16, 2025

Affected Software
Cyber Slider

Researcher

João Pedro Soares de Alcântara

More Details >

Data Dash <= 1.2.3 - Reflected Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2025-23751

Patch Status
Unpatched

Published
Jan 16, 2025

Affected Software
Data Dash

Researcher

Le Ngoc Anh

More Details >

Debt Calculator <= 1.0.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2025-23861

Patch Status
Unpatched

Published
Jan 16, 2025

Affected Software
Debt Calculator

Researcher

SOPROBRO

More Details >

Dezdy <= 1.0 - Reflected Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2025-23590

Patch Status
Unpatched

Published
Jan 16, 2025

Affected Software
Dezdy

Researcher

João Pedro Soares de Alcântara

More Details >

DF Draggable <= 1.13.2 - Cross-Site Request Forgery to Stored Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2025-23708

Patch Status
Unpatched

Published
Jan 16, 2025

Affected Software
DF Draggable

Researcher

SOPROBRO

More Details >

dForms <= 1.0 - Reflected Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2025-23592

Patch Status
Unpatched

Published
Jan 16, 2025

Affected Software
dForms

Researcher

João Pedro Soares de Alcântara

More Details >

DN Sitemap Control <= 1.0.6 - Reflected Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2025-23753

Patch Status
Unpatched

Published
Jan 16, 2025

Affected Software
DN Sitemap Control

Researcher

João Pedro Soares de Alcântara

More Details >

Download, Downloads – WordPress Download plugin By Edmon <= 1.4.2 - Reflected Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2025-23541

Patch Status
Unpatched

Published
Jan 16, 2025

Affected Software
Download, Downloads – WordPress Download plugin By Edmon

Researcher

João Pedro Soares de Alcântara

More Details >

DsgnWrks Twitter Importer <= 1.1.4 - Reflected Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2025-23762

Patch Status
Unpatched

Published
Jan 16, 2025

Affected Software
DsgnWrks Twitter Importer

Researcher

Zlrqh

More Details >

DWT - Directory & Listing WordPress Theme <= 3.3.3 - Reflected Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2025-0170

Patch Status
Patched

Published
Jan 15, 2025

Affected Software
DWT - Directory & Listing WordPress Theme

Researcher

István Márton

More Details >

DX Sales CRM <= 1.1 - Reflected Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2025-23575

Patch Status
Unpatched

Published
Jan 16, 2025

Affected Software
DX Sales CRM

Researcher

João Pedro Soares de Alcântara

More Details >

Easy Automatic Newsletter Lite <= 3.2.0 - Reflected Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2025-23879

Patch Status
Unpatched

Published
Jan 16, 2025

Affected Software
Easy Automatic Newsletter Lite

Researcher

João Pedro Soares de Alcântara

More Details >

Easy Bet <= 1.0.7 - Reflected Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2025-23787

Patch Status
Unpatched

Published
Jan 16, 2025

Affected Software
Easy Bet

Researcher

Le Ngoc Anh

More Details >

Easy Code Placement <= 18.11 - Reflected Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2025-23790

Patch Status
Unpatched

Published
Jan 16, 2025

Affected Software
Easy Code Placement

Researcher

Le Ngoc Anh

More Details >

Easy Filter <= 1.10 - Reflected Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2025-23788

Patch Status
Unpatched

Published
Jan 16, 2025

Affected Software
Easy Filter

Researcher

Le Ngoc Anh

More Details >

Easy School Registration <= 3.9.8 - Reflected Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2025-23740

Patch Status
Unpatched

Published
Jan 16, 2025

Affected Software
Easy School Registration

Researcher

Kévin Mosbahi (Mika)

More Details >

Easy Tynt <= 0.2.5.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2025-23445

Patch Status
Unpatched

Published
Jan 16, 2025

Affected Software
Easy Tynt

Researcher

SOPROBRO

More Details >

ECT Add to Cart Button <= 1.4 - Cross-Site Request Forgery to Stored Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2025-23471

Patch Status
Unpatched

Published
Jan 16, 2025

Affected Software
ECT Add to Cart Button

Researcher

SOPROBRO

More Details >

EditionGuard for WooCommerce – eBook Sales with DRM <= 3.4.2 - Reflected Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2025-23452

Patch Status
Unpatched

Published
Jan 16, 2025

Affected Software
EditionGuard for WooCommerce – eBook Sales with DRM

Researcher

João Pedro Soares de Alcântara

More Details >

EELV Newsletter <= 4.8.2 - Reflected Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2025-23602

Patch Status
Unpatched

Published
Jan 16, 2025

Affected Software
EELV Newsletter

Researcher

thiennv

More Details >

Email on Publish <= 1.5 - Cross-Site Request Forgery to Stored Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2025-23673

Patch Status
Unpatched

Published
Jan 16, 2025

Affected Software
Email on Publish

Researcher

SOPROBRO

More Details >

Email to Download <= 3.1.0 - Reflected Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2025-23786

Patch Status
Unpatched

Published
Jan 16, 2025

Affected Software
Email to Download

Researcher

João Pedro Soares de Alcântara

More Details >

EmailPress <= 1.0 - Reflected Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2025-23593

Patch Status
Unpatched

Published
Jan 16, 2025

Affected Software
EmailPress

Researcher

João Pedro Soares de Alcântara

More Details >

EmailShroud <= 2.2.1 - Cross-Site Request Forgery to Reflected Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2025-23456

Patch Status
Unpatched

Published
Jan 16, 2025

Affected Software
EmailShroud

Researcher

SOPROBRO

More Details >

Envato Affiliater <= 1.2.4 - Reflected Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2025-23431

Patch Status
Unpatched

Published
Jan 16, 2025

Affected Software
Envato Affiliater

Researcher

Kévin Mosbahi (Mika)

More Details >

ePermissions <= 1.2 - Reflected Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2025-23635

Patch Status
Unpatched

Published
Jan 16, 2025

Affected Software
ePermissions

Researcher

João Pedro Soares de Alcântara

More Details >

Error Notification <= 0.2.7 - Cross-Site Request Forgery to Stored Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2025-23902

Patch Status
Unpatched

Published
Jan 16, 2025

Affected Software
Error Notification

Researcher

SOPROBRO

More Details >

Essay Wizard (wpCRES) <= 1.0.6.4 - Reflected Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2025-23468

Patch Status
Unpatched

Published
Jan 16, 2025

Affected Software
Essay Wizard (wpCRES)

Researcher

Kévin Mosbahi (Mika)

More Details >

Essential WP Real Estate <= 1.1.3 - Reflected Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2024-13347

Patch Status
Unpatched

Published
Jan 13, 2025

Affected Software
Essential WP Real Estate

Researcher

Hassan Khan Yusufzai - Splint3r7

More Details >

Essential WP Real Estate <= 1.1.3 - Reflected Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2025-23857

Patch Status
Unpatched

Published
Jan 16, 2025

Affected Software
Essential WP Real Estate

Researcher

0xd4rk5id3

More Details >

EU DSGVO Helper <= 1.0.6.1 - Reflected Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2025-23866

Patch Status
Unpatched

Published
Jan 16, 2025

Affected Software
EU DSGVO Helper

Researcher

João Pedro Soares de Alcântara

More Details >

Event Countdown Timer Plugin by TechMix <= 1.4 - Reflected Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2025-23699

Patch Status
Unpatched

Published
Jan 16, 2025

Affected Software
Event Countdown Timer Plugin by TechMix

Researcher

ardias

More Details >

Explara Membership <= 0.0.7 - Reflected Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2025-23583

Patch Status
Unpatched

Published
Jan 16, 2025

Affected Software
Explara Membership

Researcher

João Pedro Soares de Alcântara

More Details >

Explore pages <= 1.01 - Reflected Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2025-23563

Patch Status
Unpatched

Published
Jan 16, 2025

Affected Software
Explore pages

Researcher

Kévin Mosbahi (Mika)

More Details >

Extra Options – Favicons <= 1.1.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2025-23508

Patch Status
Unpatched

Published
Jan 16, 2025

Affected Software
Extra Options – Favicons

Researcher

SOPROBRO

More Details >

Fast Tube <= 2.3.1 - Reflected Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2025-23770

Patch Status
Unpatched

Published
Jan 16, 2025

Affected Software
Fast Tube

Researcher

João Pedro Soares de Alcântara

More Details >

Find Content IDs <= 1.0 - Reflected Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2025-23645

Patch Status
Unpatched

Published
Jan 16, 2025

Affected Software
Find Content IDs

Researcher

João Pedro Soares de Alcântara

More Details >

Find Your Reps <= 1.2 - Cross-Site Request Forgery to Stored Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2025-23557

Patch Status
Unpatched

Published
Jan 16, 2025

Affected Software
Find Your Reps

Researcher

SOPROBRO

More Details >

First Comment Redirect <= 1.0.3 - Reflected Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2025-23852

Patch Status
Unpatched

Published
Jan 16, 2025

Affected Software
First Comment Redirect

Researcher

SOPROBRO

More Details >

flashy <= 1.2.1 - Reflected Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2025-23979

Patch Status
Unpatched

Published
Jan 18, 2025

Affected Software
flashy

Researcher

akas wisnu aji

More Details >

Flexible Blogtitle <= 0.1 - Reflected Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2025-23846

Patch Status
Unpatched

Published
Jan 16, 2025

Affected Software
Flexible Blogtitle

Researcher

0xd4rk5id3

More Details >

Flexo Slider <= 1.0013 - Reflected Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2025-23472

Patch Status
Unpatched

Published
Jan 16, 2025

Affected Software
Flexo Slider

Researcher

SOPROBRO

More Details >

Floatbox Plus <= 1.4.4 - Cross-Site Request Forgery to Stored Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2025-23617

Patch Status
Unpatched

Published
Jan 16, 2025

Affected Software
Floatbox Plus

Researcher

SOPROBRO

More Details >

FLX Dashboard Groups <= 0.0.7 - Reflected Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2025-23730

Patch Status
Unpatched

Published
Jan 16, 2025

Affected Software
FLX Dashboard Groups

Researcher

João Pedro Soares de Alcântara

More Details >

Flying Twitter Birds <= 1.8 - Cross-Site Request Forgery to Stored Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2025-23710

Patch Status
Unpatched

Published
Jan 16, 2025

Affected Software
Flying Twitter Birds

Researcher

SOPROBRO

More Details >

FooGallery Captions <= 1.0.2 - Reflected Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2025-23889

Patch Status
Unpatched

Published
Jan 16, 2025

Affected Software
FooGallery Captions

Researcher

João Pedro Soares de Alcântara

More Details >

Form To JSON <= 1.0 - Reflected Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2025-23736

Patch Status
Unpatched

Published
Jan 16, 2025

Affected Software
Form To JSON

Researcher

João Pedro Soares de Alcântara

More Details >

Form To Online Booking <= 1.0 - Reflected Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2025-23653

Patch Status
Unpatched

Published
Jan 16, 2025

Affected Software
Form To Online Booking

Researcher

Le Ngoc Anh

More Details >

Formatted post <= 1.01 - Reflected Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2025-23709

Patch Status
Unpatched

Published
Jan 16, 2025

Affected Software
Formatted post

Researcher

João Pedro Soares de Alcântara

More Details >

FP RSS Category Excluder <= 1.0.0 - Reflected Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2025-23679

Patch Status
Unpatched

Published
Jan 16, 2025

Affected Software
FP RSS Category Excluder

Researcher

SOPROBRO

More Details >

Free MailClient FMC <= 1.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2025-23703

Patch Status
Unpatched

Published
Jan 16, 2025

Affected Software
Free MailClient FMC

Researcher

SOPROBRO

More Details >

FWD Slider <= 1.0 - Reflected Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2025-23462

Patch Status
Unpatched

Published
Jan 16, 2025

Affected Software
FWD Slider

Researcher

Kévin Mosbahi (Mika)

More Details >

G Web Pro Store Locator <= 2.0.1 - Reflected Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2025-23519

Patch Status
Unpatched

Published
Jan 16, 2025

Affected Software
G Web Pro Store Locator

Researcher

João Pedro Soares de Alcântara

More Details >

Gallerio <= 1.0.1 - Reflected Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2025-23629

Patch Status
Unpatched

Published
Jan 16, 2025

Affected Software
Gallerio

Researcher

João Pedro Soares de Alcântara

More Details >

Gateway for Pasargad Bank <= 2.5.2 - Reflected Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2025-23966

Patch Status
Unpatched

Published
Jan 16, 2025

Affected Software
a Gateway for Pasargad Bank on WooCommerce

Researcher

João Pedro Soares de Alcântara

More Details >

GDReseller <= 1.6 - Cross-Site Request Forgery to Stored Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2025-23567

Patch Status
Unpatched

Published
Jan 16, 2025

Affected Software
GDReseller

Researcher

SOPROBRO

More Details >

Genki Announcement <= 1.4.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2025-23900

Patch Status
Unpatched

Published
Jan 16, 2025

Affected Software
Genki Announcement

Researcher

SOPROBRO

More Details >

GeoDigs <= 3.4.1 - Reflected Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2025-23628

Patch Status
Unpatched

Published
Jan 16, 2025

Affected Software
GeoDigs

Researcher

João Pedro Soares de Alcântara

More Details >

Geotagged Media <= 0.3.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2025-23558

Patch Status
Unpatched

Published
Jan 16, 2025

Affected Software
Geotagged Media

Researcher

SOPROBRO

More Details >

Ghostwriter <= 1.4 - Reflected Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2025-23988

Patch Status
Unpatched

Published
Jan 18, 2025

Affected Software
Ghostwriter

Researcher

akas wisnu aji

More Details >

Giga Messenger – Express <= 2.3.1 - Reflected Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2024-13328

Patch Status
Unpatched

Published
Jan 14, 2025

Affected Software
Giga Messenger – Express

Researcher

Hassan Khan Yusufzai - Splint3r7

More Details >

Gigaom Sphinx <= 0.1 - Reflected Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2025-23734

Patch Status
Unpatched

Published
Jan 16, 2025

Affected Software
Gigaom Sphinx

Researcher

João Pedro Soares de Alcântara

More Details >

Glossy <= 2.3.5 - Reflected Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2024-13325

Patch Status
Unpatched

Published
Jan 14, 2025

Affected Software
Glossy

Researcher

Hassan Khan Yusufzai - Splint3r7

More Details >

go Social <= 1.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2025-23426

Patch Status
Unpatched

Published
Jan 16, 2025

Affected Software
go Social

Researcher

SOPROBRO

More Details >

Goo.gl Url Shorter <= 1.0.1 - Reflected Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2025-23585

Patch Status
Unpatched

Published
Jan 16, 2025

Affected Software
Goo.gl Url Shorter

Researcher

João Pedro Soares de Alcântara

More Details >

Good Old Gallery <= 2.1.2 - Reflected Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2025-23959

Patch Status
Unpatched

Published
Jan 16, 2025

Affected Software
Good Old Gallery

Researcher

João Pedro Soares de Alcântara

More Details >

Goodlayers Blocks <= 1.0.1 - Reflected Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2025-23521

Patch Status
Patched

Published
Jan 16, 2025

Affected Software
Goodlayers Blocks

Researcher

João Pedro Soares de Alcântara

More Details >

Google Map on Post/Page <= 1.1 - Reflected Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2025-23517

Patch Status
Unpatched

Published
Jan 16, 2025

Affected Software
Google Map on Post/Page

Researcher

João Pedro Soares de Alcântara

More Details >

Google Map With Fancybox <= 2.1.0 - Reflected Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2025-23594

Patch Status
Unpatched

Published
Jan 16, 2025

Affected Software
Google Map With Fancybox

Researcher

João Pedro Soares de Alcântara

More Details >

Google Transliteration <= 1.7.2 - Reflected Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2025-23493

Patch Status
Unpatched

Published
Jan 16, 2025

Affected Software
Google Transliteration

Researcher

SOPROBRO

More Details >

GoogleMapper <= 2.0.3 - Reflected Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2025-23518

Patch Status
Unpatched

Published
Jan 16, 2025

Affected Software
GoogleMapper

Researcher

João Pedro Soares de Alcântara

More Details >

GravatarLocalCache <= 1.1.2 - Cross-Site Request Forgery to Stored Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2025-23901

Patch Status
Unpatched

Published
Jan 16, 2025

Affected Software
GravatarLocalCache

Researcher

SOPROBRO

More Details >

Group category creator <= 1.3.0.3 - Reflected Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2025-23603

Patch Status
Unpatched

Published
Jan 16, 2025

Affected Software
Group category creator

Researcher

thiennv

More Details >

GSheetConnector for Forminator Forms <= 1.0.12 - Reflected Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2025-22752

Patch Status
Patched

Published
Jan 14, 2025

Affected Software
GSheetConnector for Forminator Forms

Researcher

Le Ngoc Anh

More Details >

Guten Free Options <= 0.9.5 - Reflected Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2025-23813

Patch Status
Unpatched

Published
Jan 16, 2025

Affected Software
Guten Free Options

Researcher

Le Ngoc Anh

More Details >

Guten Free Options <= 0.9.5 - Reflected Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2024-13492

Patch Status
Unpatched

Published
Jan 17, 2025

Affected Software
Guten Free Options

Researcher

Hassan Khan Yusufzai - Splint3r7

More Details >

Hack me if you can <= 1.2 - Cross-Site Request Forgery to Stored Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2025-23713

Patch Status
Unpatched

Published
Jan 16, 2025

Affected Software
Hack me if you can

Researcher

SOPROBRO

More Details >

Heartland Management Terminal <= 1.3. 0 - Reflected Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2025-23520

Patch Status
Patched

Published
Jan 16, 2025

Affected Software
Heartland Management Terminal

Researcher

João Pedro Soares de Alcântara

More Details >

History timeline <= 0.7.2 - Reflected Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2025-23475

Patch Status
Unpatched

Published
Jan 17, 2025

Affected Software
History timeline

Researcher

SOPROBRO

More Details >

HM Portfolio <= 1.1.1 - Reflected Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2025-23522

Patch Status
Unpatched

Published
Jan 16, 2025

Affected Software
HM Portfolio

Researcher

João Pedro Soares de Alcântara

More Details >

Hotspots Analytics <= 4.0.12 - Cross-Site Request Forgery to Stored Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2025-23848

Patch Status
Unpatched

Published
Jan 16, 2025

Affected Software
Hotspots Analytics

Researcher

SOPROBRO

More Details >

HSS Embed Streaming Video <= 3.23 - Reflected Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2025-23523

Patch Status
Unpatched

Published
Jan 16, 2025

Affected Software
HSS Embed Streaming Video

Researcher

João Pedro Soares de Alcântara

More Details >

HTTP to HTTPS link changer by Eyga.net <= 0.2.4 - Cross-Site Request Forgery to Stored Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2025-23677

Patch Status
Unpatched

Published
Jan 16, 2025

Affected Software
HTTP to HTTPS link changer by Eyga.net

Researcher

SOPROBRO

More Details >

HyperComments <= 0.9.6 - Reflected Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2025-23509

Patch Status
Unpatched

Published
Jan 16, 2025

Affected Software
HyperComments

Researcher

João Pedro Soares de Alcântara

More Details >

iBuildApp <= 0.2.0 - Reflected Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2024-13326

Patch Status
Unpatched

Published
Jan 14, 2025

Affected Software
iBuildApp

Researcher

Hassan Khan Yusufzai - Splint3r7

More Details >

Image Gallery – Responsive Photo Gallery <= 1.0.5 - Reflected Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2024-12403

Patch Status
Patched

Published
Jan 14, 2025

Affected Software
Awesome Responsive Photo Gallery – Image & Video Lightbox Gallery

Researcher

vgo0

More Details >

Image Source Control <= 2.29.0 - Reflected Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2025-22711

Patch Status
Patched

Published
Jan 15, 2025

Affected Software
Image Source Control Lite – Show Image Credits and Captions

Researcher

Parasimpaticki

More Details >

Image Source Control Lite – Show Image Credits and Captions <= 2.28.0 - Reflected Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2024-13515

Patch Status
Patched

Published
Jan 17, 2025

Affected Software
Image Source Control Lite – Show Image Credits and Captions

Researcher

Stefan Bogdanovic

More Details >

ImageMeta <= 1.1.2 - Reflected Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2025-23845

Patch Status
Unpatched

Published
Jan 16, 2025

Affected Software
ImageMeta

Researcher

Le Ngoc Anh

More Details >

Import Users to MailChimp <= 1.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2025-23675

Patch Status
Unpatched

Published
Jan 16, 2025

Affected Software
Import Users to MailChimp

Researcher

SOPROBRO

More Details >

InFunding – Plugin for Charity & Crowdfunding Website <= 1.0 - Reflected Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2025-23768

Patch Status
Unpatched

Published
Jan 17, 2025

Affected Software
InFunding – Plugin for Charity & Crowdfunding Website

Researcher

João Pedro Soares de Alcântara

More Details >

Instant Appointment <= 1.2 - Reflected Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2025-23672

Patch Status
Unpatched

Published
Jan 16, 2025

Affected Software
Instant Appointment

Researcher

João Pedro Soares de Alcântara

More Details >

Internal Links Generator <= 3.51 - Reflected Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2025-23571

Patch Status
Unpatched

Published
Jan 16, 2025

Affected Software
Internal Links Generator

Researcher

João Pedro Soares de Alcântara

More Details >

Jet Skinner for BuddyPress <= 1.2.5 - Reflected Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2025-23706

Patch Status
Unpatched

Published
Jan 16, 2025

Affected Software
Jet Skinner for BuddyPress

Researcher

João Pedro Soares de Alcântara

More Details >

Js O3 Lite <= 1.5.8.2 - Reflected Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2025-22792

Patch Status
Unpatched

Published
Jan 13, 2025

Affected Software
Js O3 Lite

Researcher

akas wisnu aji

More Details >

JustRows free <= 0.2 - Reflected Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2024-13330

Patch Status
Unpatched

Published
Jan 14, 2025

Affected Software
JustRows free

Researcher

Hassan Khan Yusufzai - Splint3r7

More Details >

Kapost <= 2.2.9 - Cross-Site Request Forgery to Stored Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2025-23712

Patch Status
Unpatched

Published
Jan 16, 2025

Affected Software
Kapost

Researcher

SOPROBRO

More Details >

Killer Theme Options <= 2.0 - Reflected Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2025-23473

Patch Status
Unpatched

Published
Jan 16, 2025

Affected Software
Killer Theme Options

Researcher

João Pedro Soares de Alcântara

More Details >

Kubio AI Page Builder <= 2.3.5 - Reflected Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2024-13516

Patch Status
Patched

Published
Jan 17, 2025

Affected Software
Kubio AI Page Builder

Researcher

Stefan Bogdanovic

More Details >

Kumihimo <= 1.0.2 - Reflected Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2025-23626

Patch Status
Unpatched

Published
Jan 16, 2025

Affected Software
Kumihimo

Researcher

João Pedro Soares de Alcântara

More Details >

Kv Compose Email From Dashboard <= 1.1 - Reflected Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2025-23525

Patch Status
Unpatched

Published
Jan 16, 2025

Affected Software
Kv Compose Email From Dashboard

Researcher

João Pedro Soares de Alcântara

More Details >

LawPress – Law Firm Website Management <= 1.4.5 - Reflected Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2025-23756

Patch Status
Unpatched

Published
Jan 16, 2025

Affected Software
LawPress – Law Firm Website Management

Researcher

Kévin Mosbahi (Mika)

More Details >

Legal + <= 1.0 - Reflected Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2025-23835

Patch Status
Unpatched

Published
Jan 16, 2025

Affected Software
Legal +

Researcher

0xd4rk5id3

More Details >

Legull <= 1.2.2 - Reflected Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2024-13352

Patch Status
Unpatched

Published
Jan 17, 2025

Affected Software
Legull

Researcher

Hassan Khan Yusufzai - Splint3r7

More Details >

Len Slider <= 2.0.11 - Cross-Site Request Forgery to Reflected Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2025-23810

Patch Status
Unpatched

Published
Jan 16, 2025

Affected Software
Len Slider

Researcher

0xd4rk5id3

More Details >

LH Email <= 1.12 - Reflected Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2025-23676

Patch Status
Unpatched

Published
Jan 16, 2025

Affected Software
LH Email

Researcher

João Pedro Soares de Alcântara

More Details >

LH Login Page <= 2.14 - Reflected Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2025-23547

Patch Status
Unpatched

Published
Jan 16, 2025

Affected Software
LH Login Page

Researcher

João Pedro Soares de Alcântara

More Details >

Library Instruction Recorder <= 1.1.4 - Reflected Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2025-23646

Patch Status
Unpatched

Published
Jan 16, 2025

Affected Software
Library Instruction Recorder

Researcher

João Pedro Soares de Alcântara

More Details >

Lijit Search <= 1.1 - Reflected Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2025-22778

Patch Status
Unpatched

Published
Jan 14, 2025

Affected Software
Lijit Search

Researcher

LVT-tholv2k

More Details >

Lime Developer Login <= 1.4.0 - Reflected Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2025-23701

Patch Status
Unpatched

Published
Jan 16, 2025

Affected Software
Lime Developer Login

Researcher

João Pedro Soares de Alcântara

More Details >

Links/Problem Reporter <= 2.6.0 - Reflected Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2025-23834

Patch Status
Unpatched

Published
Jan 16, 2025

Affected Software
Links/Problem Reporter

Researcher

SOPROBRO

More Details >

Live Dashboard <= 0.3.3 - Reflected Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2025-23474

Patch Status
Unpatched

Published
Jan 16, 2025

Affected Software
Live Dashboard

Researcher

João Pedro Soares de Alcântara

More Details >

LJ Custom Menu Links <= 2.5 - Reflected Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2025-23881

Patch Status
Unpatched

Published
Jan 16, 2025

Affected Software
LJ Custom Menu Links

Researcher

João Pedro Soares de Alcântara

More Details >

Local Shipping Labels for WooCommerce <= 1.0.0 - Reflected Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2025-23903

Patch Status
Unpatched

Published
Jan 16, 2025

Affected Software
Local Shipping Labels for WooCommerce

Researcher

João Pedro Soares de Alcântara

More Details >

LocalGrid <= 1.0.1 - Reflected Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2025-23678

Patch Status
Unpatched

Published
Jan 16, 2025

Affected Software
LocalGrid

Researcher

João Pedro Soares de Alcântara

More Details >

Lockets <= 0.999 - Reflected Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2025-23923

Patch Status
Unpatched

Published
Jan 16, 2025

Affected Software
Lockets

Researcher

0xd4rk5id3

More Details >

Login Watchdog <= 1.0.4 - Reflected Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2025-23716

Patch Status
Unpatched

Published
Jan 16, 2025

Affected Software
Login Watchdog

Researcher

Zlrqh

More Details >

LSD Google Maps Embedder <= 1.1 - Cross-Site Request Forgery Cross-Site Request Forgery to Stored Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2025-23871

Patch Status
Unpatched

Published
Jan 16, 2025

Affected Software
LSD Google Maps Embedder

Researcher

SOPROBRO

More Details >

MACME <= 1.2 - Reflected Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2025-23683

Patch Status
Unpatched

Published
Jan 16, 2025

Affected Software
MACME

Researcher

SOPROBRO

More Details >

Mancx AskMe Widget <= 0.3 - Reflected Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2025-23718

Patch Status
Unpatched

Published
Jan 16, 2025

Affected Software
Mancx AskMe Widget

Researcher

João Pedro Soares de Alcântara

More Details >

Maniac SEO <= 2.0 - Reflected Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2025-23549

Patch Status
Unpatched

Published
Jan 16, 2025

Affected Software
Maniac SEO

Researcher

João Pedro Soares de Alcântara

More Details >

Mapbox for WP Advanced <= 1.0.0 - Reflected Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2025-22772

Patch Status
Unpatched

Published
Jan 14, 2025

Affected Software
Mapbox for WP Advanced

Researcher

0xd4rk5id3

More Details >

Marquee Style RSS News Ticker <= 3.2.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2025-23424

Patch Status
Unpatched

Published
Jan 16, 2025

Affected Software
Marquee Style RSS News Ticker

Researcher

SOPROBRO

More Details >

Mass Custom Fields Manager <= 1.5 - Cross-Site Request Forgery to Stored Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2025-23430

Patch Status
Unpatched

Published
Jan 16, 2025

Affected Software
Mass Custom Fields Manager

Researcher

SOPROBRO

More Details >

Mass Messaging in BuddyPress <= 2.2.1 - Reflected Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2025-23798

Patch Status
Unpatched

Published
Jan 16, 2025

Affected Software
Mass Messaging in BuddyPress

Researcher

0xd4rk5id3

More Details >

MD Custom content after or before of post <= 1.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2025-23463

Patch Status
Unpatched

Published
Jan 16, 2025

Affected Software
MD Custom content after or before of post

Researcher

SOPROBRO

More Details >

MDC YouTube Downloader <= 3.0.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2025-23639

Patch Status
Unpatched

Published
Jan 16, 2025

Affected Software
MDC YouTube Downloader

Researcher

SOPROBRO

More Details >

MDJM Event Management <= 1.7.5.6 - Reflected Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2025-22714

Patch Status
Patched

Published
Jan 15, 2025

Affected Software
MDJM Event Management

Researcher(s): Unknown

More Details >

melascrivi-plugin <= 1.4 - Reflected Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2025-23479

Patch Status
Unpatched

Published
Jan 16, 2025

Affected Software
melascrivi-plugin

Researcher

João Pedro Soares de Alcântara

More Details >

MemeOne <= 2.0.5 - Cross-Site Request Forgery to Stored Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2025-23559

Patch Status
Unpatched

Published
Jan 16, 2025

Affected Software
MemeOne

Researcher

SOPROBRO

More Details >

MercadoLibre Integration <= 1.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2025-23659

Patch Status
Unpatched

Published
Jan 16, 2025

Affected Software
MercadoLibre Integration

Researcher

SOPROBRO

More Details >

MFPlugin <= 1.3 - Cross-Site Request Forgery to Stored Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2025-23660

Patch Status
Unpatched

Published
Jan 16, 2025

Affected Software
MFPlugin

Researcher

SOPROBRO

More Details >

MHR-Custom-Anti-Copy <= 2.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2025-23817

Patch Status
Unpatched

Published
Jan 16, 2025

Affected Software
MHR-Custom-Anti-Copy

Researcher

SOPROBRO

More Details >

Mind3doM RyeBread Widgets <= 1.0 - Reflected Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2025-23722

Patch Status
Unpatched

Published
Jan 16, 2025

Affected Software
Mind3doM RyeBread Widgets

Researcher

João Pedro Soares de Alcântara

More Details >

MJ Contact us <= 5.2.3 - Reflected Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2025-23885

Patch Status
Unpatched

Published
Jan 16, 2025

Affected Software
MJ Contact us

Researcher

João Pedro Soares de Alcântara

More Details >

Mobigate <= 1.0.3 - Reflected Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2025-23721

Patch Status
Unpatched

Published
Jan 16, 2025

Affected Software
Mobigate

Researcher

João Pedro Soares de Alcântara

More Details >

Mojo Under Construction <= 1.1.2 - Reflected Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2025-23850

Patch Status
Unpatched

Published
Jan 16, 2025

Affected Software
Mojo Under Construction

Researcher

0xd4rk5id3

More Details >

More Link Modifier <= 1.0.3 - Cross-Site Request Forgery to Stored Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2025-23818

Patch Status
Unpatched

Published
Jan 16, 2025

Affected Software
More Link Modifier

Researcher

SOPROBRO

More Details >

moseter <= 1.3.1 - Reflected Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2025-22790

Patch Status
Unpatched

Published
Jan 13, 2025

Affected Software
moseter

Researcher

akas wisnu aji

More Details >

Multilang Contact Form <= 1.5 - Reflected Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2025-22795

Patch Status
Unpatched

Published
Jan 13, 2025

Affected Software
Multilang Contact Form

Researcher

LVT-tholv2k

More Details >

Musicbox <= 2.0.3 - Reflected Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2024-13327

Patch Status
Unpatched

Published
Jan 14, 2025

Affected Software
Musicbox

Researcher

Hassan Khan Yusufzai - Splint3r7

More Details >

My auctions allegro <= 3.6.18 - Reflected Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2025-22733

Patch Status
Patched

Published
Jan 15, 2025

Affected Software
My auctions allegro

Researcher

João Pedro Soares de Alcântara

More Details >

My Favorite Car <= 1.0 - Reflected Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2025-23636

Patch Status
Unpatched

Published
Jan 16, 2025

Affected Software
My Favorite Car

Researcher

João Pedro Soares de Alcântara

More Details >

my white <= 2.0.8 - Reflected Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2025-22678

Patch Status
Unpatched

Published
Jan 18, 2025

Affected Software
my white

Researcher

akas wisnu aji

More Details >

my-related-posts <= 1.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2025-23476

Patch Status
Unpatched

Published
Jan 16, 2025

Affected Software
my-related-posts

Researcher

SOPROBRO

More Details >

mybb Last Topics <= 1.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2025-23749

Patch Status
Unpatched

Published
Jan 16, 2025

Affected Software
mybb Last Topics

Researcher

SOPROBRO

More Details >

Nature FlipBook WordPress Plugin <= 1.7 - Reflected Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2025-23454

Patch Status
Unpatched

Published
Jan 16, 2025

Affected Software
Nature FlipBook WordPress Plugin

Researcher

SOPROBRO

More Details >

Network-Favorites <= 1.1 - Reflected Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2025-23737

Patch Status
Unpatched

Published
Jan 16, 2025

Affected Software
Network-Favorites

Researcher

João Pedro Soares de Alcântara

More Details >

Ni WooCommerce Sales Report Email <= 3.1.4 - Reflected Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2025-23481

Patch Status
Unpatched

Published
Jan 16, 2025

Affected Software
Ni WooCommerce Sales Report Email

Researcher

João Pedro Soares de Alcântara

More Details >

NoFollow Free <= 1.6.3 - Reflected Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2025-23853

Patch Status
Unpatched

Published
Jan 16, 2025

Affected Software
NoFollow Free

Researcher

SOPROBRO

More Details >

Notifications Center <= 1.5.2 - Reflected Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2025-23741

Patch Status
Unpatched

Published
Jan 16, 2025

Affected Software
Notifications Center

Researcher

Kévin Mosbahi (Mika)

More Details >

Notifikácie.sk <= 1.0 - Reflected Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2025-23596

Patch Status
Unpatched

Published
Jan 16, 2025

Affected Software
Notifikácie.sk

Researcher

João Pedro Soares de Alcântara

More Details >

NV Slider <= 1.6 - Cross-Site Request Forgery to Stored Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2025-23661

Patch Status
Unpatched

Published
Jan 16, 2025

Affected Software
NV Slider

Researcher

SOPROBRO

More Details >

offset writing <= 1.2 - Reflected Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2025-22791

Patch Status
Unpatched

Published
Jan 13, 2025

Affected Software
Offset Writing

Researcher

akas wisnu aji

More Details >

One Backend Language <= 1.0 - Reflected Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2025-23837

Patch Status
Unpatched

Published
Jan 16, 2025

Affected Software
One Backend Language

Researcher

0xd4rk5id3

More Details >

Online Marksheet Creator : eMarksheet <= 5.4.3 - Reflected Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2025-23599

Patch Status
Patched

Published
Jan 16, 2025

Affected Software
Online Marksheet Creator : eMarksheet

Researcher

thiennv

More Details >

OrangeBox <= 3.0.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2025-23800

Patch Status
Unpatched

Published
Jan 16, 2025

Affected Software
OrangeBox

Researcher

SOPROBRO

More Details >

PAFacile <= 2.6.1 - Reflected Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2025-23755

Patch Status
Unpatched

Published
Jan 16, 2025

Affected Software
PAFacile

Researcher

João Pedro Soares de Alcântara

More Details >

Page Health-O-Meter <= 2.0 - Reflected Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2025-23595

Patch Status
Unpatched

Published
Jan 16, 2025

Affected Software
Page Health-O-Meter

Researcher

João Pedro Soares de Alcântara

More Details >

Partners <= 0.2.0 - Reflected Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2025-22751

Patch Status
Unpatched

Published
Jan 14, 2025

Affected Software
Partners

Researcher

0xd4rk5id3

More Details >

Password Protect Plugin for WordPress <= 0.8.1.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2025-23435

Patch Status
Unpatched

Published
Jan 16, 2025

Affected Software
Password Protect Plugin for WordPress

Researcher

SOPROBRO

More Details >

Passwordless WP – Login with your glance or fingerprint <= 1.1.6 - Reflected Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2025-23792

Patch Status
Unpatched

Published
Jan 16, 2025

Affected Software
Passwordless WP – Login with your glance or fingerprint

Researcher

João Pedro Soares de Alcântara

More Details >

PayForm <= 2.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2025-23872

Patch Status
Unpatched

Published
Jan 16, 2025

Affected Software
Stripe and PayPal Payment Forms for WordPress – PayForm

Researcher

SOPROBRO

More Details >

Photo Video Store <= 21.07 - Reflected Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2025-23478

Patch Status
Unpatched

Published
Jan 16, 2025

Affected Software
Photo Video Store

Researcher

João Pedro Soares de Alcântara

More Details >

Pin Locations on Map <= 1.0 - Reflected Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2025-23584

Patch Status
Unpatched

Published
Jan 16, 2025

Affected Software
Pin Locations on Map

Researcher

João Pedro Soares de Alcântara

More Details >

Pit Login Welcome <= 1.1.5 - Reflected Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2025-23505

Patch Status
Unpatched

Published
Jan 16, 2025

Affected Software
Pit Login Welcome

Researcher

João Pedro Soares de Alcântara

More Details >

Plestar Directory Listing <= 1.0 - Reflected Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2025-23723

Patch Status
Unpatched

Published
Jan 16, 2025

Affected Software
Plestar Directory Listing

Researcher

João Pedro Soares de Alcântara

More Details >

Podamibe Twilio Private Call <= 1.0.1 - Reflected Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2025-23742

Patch Status
Unpatched

Published
Jan 16, 2025

Affected Software
Podamibe Twilio Private Call

Researcher

João Pedro Soares de Alcântara

More Details >

Podčlánková inzerce <= 2.4.0 - Reflected Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2025-23697

Patch Status
Unpatched

Published
Jan 16, 2025

Affected Software
Podčlánková inzerce

Researcher

thiennv

More Details >

polka dots <= 1.2 - Reflected Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2025-22789

Patch Status
Unpatched

Published
Jan 13, 2025

Affected Software
Polka Dots

Researcher

akas wisnu aji

More Details >

Pootle button <= 1.2.0 - Reflected Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2025-23758

Patch Status
Unpatched

Published
Jan 16, 2025

Affected Software
pootle button

Researcher

João Pedro Soares de Alcântara

More Details >

Post & Page Notes <= 0.1.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2025-23715

Patch Status
Unpatched

Published
Jan 16, 2025

Affected Software
Post & Page Notes

Researcher

SOPROBRO

More Details >

Post Carousel & Slider <= 1.0.4 - Reflected Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2025-22750

Patch Status
Unpatched

Published
Jan 14, 2025

Affected Software
Post Carousel & Slider

Researcher

SOPROBRO

More Details >

Post Meta <= 1.0.9 - Cross-Site Request Forgery to Stored Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2025-24549

Patch Status
Patched

Published
Jan 16, 2025

Affected Software
Post Meta

Researcher

João Pedro Soares de Alcântara

More Details >

Predict When <= 1.3 - Reflected Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2025-23484

Patch Status
Unpatched

Published
Jan 16, 2025

Affected Software
Predict When

Researcher

João Pedro Soares de Alcântara

More Details >

Preloader Quotes <= 1.0.0 - Reflected Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2025-23682

Patch Status
Unpatched

Published
Jan 16, 2025

Affected Software
Preloader Quotes

Researcher

João Pedro Soares de Alcântara

More Details >

Proofreading <= 1.2.1.1 - Reflected Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2024-12466

Patch Status
Patched

Published
Jan 16, 2025

Affected Software
Proofreading

Researcher

vgo0

More Details >

Ps Ads Pro <= 1.0.0 - Reflected Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2025-23738

Patch Status
Unpatched

Published
Jan 16, 2025

Affected Software
Ps Ads Pro

Researcher

João Pedro Soares de Alcântara

More Details >

Push Envoy Notifications <= 1.0.0 - Reflected Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2025-23556

Patch Status
Unpatched

Published
Jan 16, 2025

Affected Software
Push Envoy Notifications

Researcher

Kévin Mosbahi (Mika)

More Details >

QMean – WordPress Did You Mean and Search Suggestion Like Google <= 2.0 - Reflected Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2025-23428

Patch Status
Unpatched

Published
Jan 16, 2025

Affected Software
QMean – WordPress Did You Mean and Search Suggestion Like Google

Researcher

SOPROBRO

More Details >

Quote me <= 1.0 - Reflected Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2025-23711

Patch Status
Unpatched

Published
Jan 16, 2025

Affected Software
Quote me

Researcher

João Pedro Soares de Alcântara

More Details >

ReadMe Creator <= 1.0 - Reflected Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2025-23643

Patch Status
Unpatched

Published
Jan 16, 2025

Affected Software
ReadMe Creator

Researcher

João Pedro Soares de Alcântara

More Details >

Real Seguro Viagem <= 2.0.5 - Cross-Site Request Forgery to Stored Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2025-23664

Patch Status
Patched

Published
Jan 16, 2025

Affected Software
Real Seguro Viagem

Researcher

SOPROBRO

More Details >

Realtyna Provisioning <= 1.2.2 - Reflected Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2025-24656

Patch Status
Patched

Published
Jan 15, 2025

Affected Software
Realtyna Provisioning

Researcher

0xd4rk5id3

More Details >

Rebrand Fluent Forms <= 1.0 - Reflected Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2025-23904

Patch Status
Unpatched

Published
Jan 16, 2025

Affected Software
Rebrand Fluent Forms

Researcher

João Pedro Soares de Alcântara

More Details >

Recip.ly Plugin <= 1.1.8 - Reflected Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2025-23598

Patch Status
Unpatched

Published
Jan 16, 2025

Affected Software
Recip.ly Plugin

Researcher

João Pedro Soares de Alcântara

More Details >

REDIRECTION PLUS <= 2.0.0 - Reflected Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2025-23681

Patch Status
Unpatched

Published
Jan 16, 2025

Affected Software
301 SEO REDIRECTION | COUNTRY BASED REDIRECTION [ REDIRECTION PLUS ]

Researcher

João Pedro Soares de Alcântara

More Details >

Redux Converter <= 1.1.3.1 - Reflected Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2025-23427

Patch Status
Unpatched

Published
Jan 16, 2025

Affected Software
Redux Converter

Researcher

SOPROBRO

More Details >

Rename Author Slug <= 1.2.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2025-23640

Patch Status
Unpatched

Published
Jan 16, 2025

Affected Software
Rename Author Slug

Researcher

SOPROBRO

More Details >

Responsivity <= 0.0.6 - Reflected Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2025-23548

Patch Status
Unpatched

Published
Jan 16, 2025

Affected Software
Responsivity

Researcher

João Pedro Soares de Alcântara

More Details >

Rezdy Reloaded <= 1.0.1 - Unauthenticated Stored Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2025-23604

Patch Status
Unpatched

Published
Jan 16, 2025

Affected Software
Rezdy Reloaded

Researcher

Kévin Mosbahi (Mika)

More Details >

Rio Photo Gallery <= 0.1 - Reflected Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2025-23597

Patch Status
Unpatched

Published
Jan 16, 2025

Affected Software
Rio Photo Gallery

Researcher

João Pedro Soares de Alcântara

More Details >

rng-refresh <= 1.0 - Reflected Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2025-23488

Patch Status
Unpatched

Published
Jan 16, 2025

Affected Software
rng-refresh

Researcher

SOPROBRO

More Details >

Rocket Media Library Mime Type <= 2.1.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2025-22768

Patch Status
Unpatched

Published
Jan 14, 2025

Affected Software
Rocket Media Library Mime Type

Researcher

SOPROBRO

More Details >

RomanCart On WordPress <= 0.0.2 - Reflected Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2025-23685

Patch Status
Unpatched

Published
Jan 16, 2025

Affected Software
RomanCart On WordPress

Researcher

João Pedro Soares de Alcântara

More Details >

root Cookie <= 1.6 - Cross-Site Request Forgery to Stored Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2025-23815

Patch Status
Unpatched

Published
Jan 16, 2025

Affected Software
root Cookie

Researcher

SOPROBRO

More Details >

Royal Elementor Addons and Templates <= 1.7.1006 - Cross-Site Request Forgery to Reflected Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2025-0393

Patch Status
Patched

Published
Jan 13, 2025

Affected Software
Royal Elementor Addons and Templates

Researcher

stealthcopter

More Details >

RS Survey <= 1.0 - Reflected Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2025-23485

Patch Status
Unpatched

Published
Jan 16, 2025

Affected Software
RS Survey

Researcher

João Pedro Soares de Alcântara

More Details >

RSS News Scroller <= 2.0.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2025-23467

Patch Status
Unpatched

Published
Jan 16, 2025

Affected Software
RSS News Scroller

Researcher

SOPROBRO

More Details >

RSV GMaps <= 1.5 - Cross-Site Request Forgery to Stored Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2025-23665

Patch Status
Unpatched

Published
Jan 16, 2025

Affected Software
RSV GMaps

Researcher

SOPROBRO

More Details >

RSVPMaker Volunteer Roles <= 1.5.1 - Reflected Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2025-23531

Patch Status
Unpatched

Published
Jan 16, 2025

Affected Software
RSVPMaker Volunteer Roles

Researcher

João Pedro Soares de Alcântara

More Details >

Sale with Razorpay <= 1.0 - Reflected Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2025-23516

Patch Status
Unpatched

Published
Jan 16, 2025

Affected Software
Sale with Razorpay

Researcher

thiennv

More Details >

Sandbox <= 0.4 - Reflected Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2024-13366

Patch Status
Unpatched

Published
Jan 16, 2025

Affected Software
Sandbox

Researcher

Stiofan

More Details >

Save & Import Image from URL <= 0.7 - Reflected Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2025-23960

Patch Status
Unpatched

Published
Jan 16, 2025

Affected Software
Save & Import Image from URL

Researcher

João Pedro Soares de Alcântara

More Details >

SC Simple Zazzle <= 1.1.6 - Reflected Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2025-23733

Patch Status
Unpatched

Published
Jan 16, 2025

Affected Software
SC Simple Zazzle

Researcher

thiennv

More Details >

Scroll Top – WordPress Scroll to Top <= 1.3.3 - Reflected Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2025-23651

Patch Status
Unpatched

Published
Jan 16, 2025

Affected Software
Scroll Top – WordPress Scroll to Top plugin

Researcher

SOPROBRO

More Details >

Secure CAPTCHA <= 1.2 - Cross-Site Request Forgery to Stored Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2025-23693

Patch Status
Unpatched

Published
Jan 16, 2025

Affected Software
Secure CAPTCHA

Researcher

SOPROBRO

More Details >

Send to a Friend Addon <= 1.4.1 - Reflected Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2025-23600

Patch Status
Unpatched

Published
Jan 16, 2025

Affected Software
Send to a Friend Addon

Researcher

João Pedro Soares de Alcântara

More Details >

Send to Twitter <= 1.7.2 - Cross-Site Request Forgery to Stored Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2025-23691

Patch Status
Unpatched

Published
Jan 16, 2025

Affected Software
Send to Twitter

Researcher

SOPROBRO

More Details >

SEOReseller Partner <= 1.3.15 - Cross-Site Request Forgery to Stored Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2025-23805

Patch Status
Unpatched

Published
Jan 16, 2025

Affected Software
SEOReseller Partner Plugin

Researcher

SOPROBRO

More Details >

SexBundle <= 1.4 - Reflected Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2025-23551

Patch Status
Unpatched

Published
Jan 16, 2025

Affected Software
SexBundle

Researcher

João Pedro Soares de Alcântara

More Details >

Shabbos and Yom Tov <= 1.9 - Cross-Site Request Forgery to Stored Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2025-23694

Patch Status
Unpatched

Published
Jan 16, 2025

Affected Software
Shabbos and Yom Tov

Researcher

SOPROBRO

More Details >

Shipdeo <= 1.2.8 - Reflected Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2025-23457

Patch Status
Unpatched

Published
Jan 16, 2025

Affected Software
Shipdeo

Researcher

ardias

More Details >

Shockingly Big IE6 Warning <= 1.6.3 - Cross-Site Request Forgery to Stored Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2025-23442

Patch Status
Unpatched

Published
Jan 16, 2025

Affected Software
Shockingly Big IE6 Warning

Researcher

SOPROBRO

More Details >

Shortcode in Comment <= 1.1.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2025-23569

Patch Status
Unpatched

Published
Jan 16, 2025

Affected Software
Shortcode in Comment

Researcher

SOPROBRO

More Details >

Simple Custom post type custom field <= 1.0.3 - Reflected Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2025-23500

Patch Status
Unpatched

Published
Jan 16, 2025

Affected Software
Simple Custom post type custom field

Researcher

João Pedro Soares de Alcântara

More Details >

Simple Membership Custom Messages <= 2.4 - Reflected Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2025-24660

Patch Status
Patched

Published
Jan 18, 2025

Affected Software
Simple Membership Custom Messages

Researcher

0xd4rk5id3

More Details >

Simple Project Manager <= 1.2.2 - Cross-Site Request Forgery to Stored Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2025-23497

Patch Status
Unpatched

Published
Jan 16, 2025

Affected Software
Simple Project Manager

Researcher

SOPROBRO

More Details >

Simple shortcode buttons <= 1.3.2 - Reflected Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2025-23449

Patch Status
Unpatched

Published
Jan 16, 2025

Affected Software
Simple shortcode buttons

Researcher

SOPROBRO

More Details >

Simple:Press Forum <= 6.10.10 - Reflected Cross-Site Scripting via msearch

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2024-10483

Patch Status
Patched

Published
Jan 17, 2025

Affected Software
Simple:Press Forum

Researcher

Ryoma Yamada

More Details >

Singsys -Awesome Gallery <= 1.0 - Reflected Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2025-23748

Patch Status
Unpatched

Published
Jan 16, 2025

Affected Software
Singsys -Awesome Gallery

Researcher

João Pedro Soares de Alcântara

More Details >

Site Launcher <= 0.9.4 - Reflected Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2025-23847

Patch Status
Unpatched

Published
Jan 16, 2025

Affected Software
Site Launcher

Researcher

0xd4rk5id3

More Details >

Slider for Writers <= 1.3 - Cross-Site Request Forgery to Stored Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2025-23692

Patch Status
Unpatched

Published
Jan 16, 2025

Affected Software
Slider for Writers

Researcher

SOPROBRO

More Details >

Smooth Dynamic Slider <= 1.0 - Reflected Cross-Site Scriptign

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2025-23447

Patch Status
Unpatched

Published
Jan 16, 2025

Affected Software
Smooth Dynamic Slider

Researcher

João Pedro Soares de Alcântara

More Details >

Snippy <= 1.4.1 - Reflected Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2025-23803

Patch Status
Unpatched

Published
Jan 16, 2025

Affected Software
Snippy

Researcher

0xd4rk5id3

More Details >

Social Analytics <= 0.2 - Cross-Site Request Forgery to Stored Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2025-23743

Patch Status
Unpatched

Published
Jan 16, 2025

Affected Software
Social Analytics

Researcher

SOPROBRO

More Details >

Social Pug: Author Box <= 1.0.0 - Reflected Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2025-22706

Patch Status
Unpatched

Published
Jan 15, 2025

Affected Software
Social Pug: Author Box

Researcher

SOPROBRO

More Details >

Social2Blog <= 0.2.990 - Reflected Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2025-23461

Patch Status
Unpatched

Published
Jan 16, 2025

Affected Software
Social2Blog

Researcher

Kévin Mosbahi (Mika)

More Details >

Solidres <= 0.9.4 - Reflected Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2024-13329

Patch Status
Unpatched

Published
Jan 14, 2025

Affected Software
Solidres – Hotel booking plugin for WordPress

Researcher

Hassan Khan Yusufzai - Splint3r7

More Details >

Staging CDN <= 1.0.0 - Reflected Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2025-23696

Patch Status
Unpatched

Published
Jan 16, 2025

Affected Software
Staging CDN

Researcher

SOPROBRO

More Details >

Stars SMTP Mailer <= 1.7 - Reflected Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2025-23453

Patch Status
Unpatched

Published
Jan 16, 2025

Affected Software
Stars SMTP Mailer

Researcher

ardias

More Details >

StatPressCN <= 1.9.1 - Reflected Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2025-23544

Patch Status
Unpatched

Published
Jan 16, 2025

Affected Software
StatPressCN

Researcher

João Pedro Soares de Alcântara

More Details >

Stop Comment Spam <= 0.5.3 - Cross-Site Request Forgery to Stored Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2025-23826

Patch Status
Patched

Published
Jan 16, 2025

Affected Software
Stop Comment Spam

Researcher

SOPROBRO

More Details >

Stray Random Quotes <= 1.9.9 - Reflected Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2025-23883

Patch Status
Unpatched

Published
Jan 16, 2025

Affected Software
Stray Random Quotes

Researcher

João Pedro Soares de Alcântara

More Details >

Strx Magic Floating Sidebar Maker <= 1.4.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2025-23827

Patch Status
Unpatched

Published
Jan 16, 2025

Affected Software
Strx Magic Floating Sidebar Maker

Researcher

SOPROBRO

More Details >

Style Admin <= 1.4.3 - Cross-Site Request Forgery to Stored Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2025-23801

Patch Status
Unpatched

Published
Jan 16, 2025

Affected Software
Style Admin

Researcher

0xd4rk5id3

More Details >

Swift Calendar Online Appointment Scheduling <= 1.3.3 - Reflected Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2025-23526

Patch Status
Unpatched

Published
Jan 16, 2025

Affected Software
Swift Calendar Online Appointment Scheduling

Researcher

João Pedro Soares de Alcântara

More Details >

Tab My Content <= 1.0.0 - Reflected Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2025-23601

Patch Status
Unpatched

Published
Jan 16, 2025

Affected Software
Tab My Content

Researcher

João Pedro Soares de Alcântara

More Details >

Tag Groups is the Advanced Way to Display Your Taxonomy Terms <= 2.0.4 - Reflected Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2025-22735

Patch Status
Patched

Published
Jan 14, 2025

Affected Software
Tag Groups is the Advanced Way to Display Your Taxonomy Terms

Researcher

minhtuanact

More Details >

Tagesteller / Mittagsmenü <= 1.1 - Reflected Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2025-23609

Patch Status
Unpatched

Published
Jan 16, 2025

Affected Software
Tagesteller / Mittagsmenü Plugin

Researcher

João Pedro Soares de Alcântara

More Details >

Tantyyellow <= 1.0.0.5 - Reflected Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2025-23995

Patch Status
Unpatched

Published
Jan 17, 2025

Affected Software
Tantyyellow

Researcher

akas wisnu aji

More Details >

Tax Report for WooCommerce <= 2.2 - Reflected Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2025-23731

Patch Status
Unpatched

Published
Jan 16, 2025

Affected Software
Tax Report for WooCommerce

Researcher

thiennv

More Details >

Texteller <= 1.3.0 - Reflected Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2025-23552

Patch Status
Unpatched

Published
Jan 16, 2025

Affected Software
Texteller

Researcher

João Pedro Soares de Alcântara

More Details >

The Loops <= 1.0.2 - Reflected Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2025-23754

Patch Status
Unpatched

Published
Jan 16, 2025

Affected Software
The Loops

Researcher

Kévin Mosbahi (Mika)

More Details >

Theme My Ontraport Smartform <= 1.2.11 - Cross-Site Request Forgery to Stored Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2025-23717

Patch Status
Unpatched

Published
Jan 16, 2025

Affected Software
Theme My Ontraport Smartform

Researcher

SOPROBRO

More Details >

Tidy.ro <= 1.3 - Reflected Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2025-23650

Patch Status
Unpatched

Published
Jan 16, 2025

Affected Software
Tidy.ro

Researcher

João Pedro Soares de Alcântara

More Details >

Tijaji <= 1.43 - Reflected Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2025-23983

Patch Status
Unpatched

Published
Jan 18, 2025

Affected Software
TIJAJI

Researcher

akas wisnu aji

More Details >

Tiki Time <= 1.3 - Reflected Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2025-23986

Patch Status
Unpatched

Published
Jan 18, 2025

Affected Software
Tiki Time

Researcher

akas wisnu aji

More Details >

TinyMCE Extended Config <= 0.1.0 - Reflected Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2025-23439

Patch Status
Unpatched

Published
Jan 16, 2025

Affected Software
TinyMCE Extended Config

Researcher

Kévin Mosbahi (Mika)

More Details >

TransFinanz <= 1.0.0 - Reflected Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2024-13332

Patch Status
Unpatched

Published
Jan 14, 2025

Affected Software
TransFinanz

Researcher

Hassan Khan Yusufzai - Splint3r7

More Details >

Translation.Pro <= 1.0.0 - Reflected Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2025-23498

Patch Status
Unpatched

Published
Jan 16, 2025

Affected Software
Translation.Pro

Researcher

SOPROBRO

More Details >

Tuaug4 <= 1.4 - Reflected Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2025-22687

Patch Status
Unpatched

Published
Jan 18, 2025

Affected Software
Tuaug4

Researcher

akas wisnu aji

More Details >

turboSMTP <= 4.6 - Reflected Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2025-22753

Patch Status
Patched

Published
Jan 14, 2025

Affected Software
turboSMTP

Researcher

0xd4rk5id3

More Details >

Twitter News Feed <= 1.1.1 - Reflected Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2025-23464

Patch Status
Unpatched

Published
Jan 16, 2025

Affected Software
Twitter News Feed

Researcher

SOPROBRO

More Details >

Twitter Post <= 0.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2025-23654

Patch Status
Unpatched

Published
Jan 16, 2025

Affected Software
Twitter Post

Researcher

SOPROBRO

More Details >

Twitter Shortcode <= 0.9 - Cross-Site Request Forgery to Stored Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2025-23618

Patch Status
Unpatched

Published
Jan 16, 2025

Affected Software
Twitter Shortcode

Researcher

SOPROBRO

More Details >

Ui Slider Filter By Price <= 1.1 - Reflected Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2025-23555

Patch Status
Unpatched

Published
Jan 16, 2025

Affected Software
Ui Slider Filter By Price

Researcher

thiennv

More Details >

Ultimate Events <= 1.3.3 - Reflected Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2025-23610

Patch Status
Unpatched

Published
Jan 16, 2025

Affected Software
Ultimate Events

Researcher

João Pedro Soares de Alcântara

More Details >

Ultimate Subscribe <= 1.3 - Reflected Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2025-23806

Patch Status
Unpatched

Published
Jan 16, 2025

Affected Software
Ultimate Subscribe

Researcher

0xd4rk5id3

More Details >

UltraLight <= 1.2 - Reflected Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2025-23998

Patch Status
Unpatched

Published
Jan 18, 2025

Affected Software
The Ultralight

Researcher

akas wisnu aji

More Details >

Unique UX <= 0.9.2 - Reflected Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2025-23625

Patch Status
Unpatched

Published
Jan 16, 2025

Affected Software
Unique UX

Researcher

João Pedro Soares de Alcântara

More Details >

Universal Analytics Injector <= 1.0.3 - Cross-Site Request Forgery to Stored Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2025-23483

Patch Status
Unpatched

Published
Jan 16, 2025

Affected Software
Universal Analytics Injector

Researcher

SOPROBRO

More Details >

University quizzes online <= 1.4 - Reflected Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2025-23724

Patch Status
Unpatched

Published
Jan 16, 2025

Affected Software
University quizzes online

Researcher

João Pedro Soares de Alcântara

More Details >

UpDownUpDown <= 1.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2025-23572

Patch Status
Unpatched

Published
Jan 16, 2025

Affected Software
UpDownUpDown

Researcher

SOPROBRO

More Details >

UpdraftPlus - Backup/Restore <= 1.24.12 - Reflected Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2025-0215

Patch Status
Patched

Published
Jan 15, 2025

Affected Software
UpdraftPlus: WP Backup & Migration Plugin

Researcher

Asaf Mozes

More Details >

URL Shortener | Conversion Tracking | AB Testing | WooCommerce <= 9.0.2 - Reflected Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2025-23789

Patch Status
Unpatched

Published
Jan 16, 2025

Affected Software
URL Shortener | Conversion Tracking | AB Testing | WooCommerce

Researcher

Le Ngoc Anh

More Details >

Userbase Access Control <= 1.0 - Reflected Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2025-23553

Patch Status
Unpatched

Published
Jan 16, 2025

Affected Software
Userbase Access Control

Researcher

João Pedro Soares de Alcântara

More Details >

Vampire Character Manager <= 2.13 - Reflected Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2025-23465

Patch Status
Unpatched

Published
Jan 16, 2025

Affected Software
Vampire Character Manager

Researcher

Kévin Mosbahi (Mika)

More Details >

vcOS <= 1.4.0 - Reflected Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2025-23433

Patch Status
Unpatched

Published
Jan 16, 2025

Affected Software
vcOS

Researcher

João Pedro Soares de Alcântara

More Details >

Verge3D <= 4.8.0 - Reflected Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2025-22709

Patch Status
Patched

Published
Jan 15, 2025

Affected Software
Verge3D Publishing and E-Commerce

Researcher

0xd4rk5id3

More Details >

Visit Site Link enhanced <= 1.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2025-23470

Patch Status
Unpatched

Published
Jan 16, 2025

Affected Software
"Visit Site" Link enhanced – WordPress PlugIn

Researcher

SOPROBRO

More Details >

VSTEMPLATE Creator <= 2.0.2 - Reflected Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2025-23491

Patch Status
Unpatched

Published
Jan 16, 2025

Affected Software
VSTEMPLATE Creator

Researcher

João Pedro Soares de Alcântara

More Details >

W3SPEEDSTER <= 7.33 - Cross-Site Request Forgery to Stored Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2025-23765

Patch Status
Unpatched

Published
Jan 16, 2025

Affected Software
W3SPEEDSTER

Researcher

thiennv

More Details >

Web Push <= 1.4.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2025-23720

Patch Status
Unpatched

Published
Jan 16, 2025

Affected Software
Web Push

Researcher

SOPROBRO

More Details >

Web Testimonials <= 1.2 - Cross-Site Request Forgery to Stored Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2025-23560

Patch Status
Unpatched

Published
Jan 16, 2025

Affected Software
Web Testimonials

Researcher

SOPROBRO

More Details >

Webcamconsult <= 1.5.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2024-13432

Patch Status
Patched

Published
Jan 17, 2025

Affected Software
Webcamconsult

Researcher

SOPROBRO

More Details >

WH Cache & Security <= 1.1.2 - Reflected Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2025-23611

Patch Status
Unpatched

Published
Jan 16, 2025

Affected Software
WH Cache & Security

Researcher

João Pedro Soares de Alcântara

More Details >

Wibstats <= 0.5.5 - Reflected Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2025-23565

Patch Status
Unpatched

Published
Jan 16, 2025

Affected Software
Wibstats

Researcher

João Pedro Soares de Alcântara

More Details >

Woo Store Mode <= 1.0.1 - Reflected Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2025-23687

Patch Status
Unpatched

Published
Jan 16, 2025

Affected Software
Woo Store Mode

Researcher

João Pedro Soares de Alcântara

More Details >

WooCommerce Order Search <= 1.1.0 - Reflected Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2025-23495

Patch Status
Unpatched

Published
Jan 16, 2025

Affected Software
WooCommerce Order Search

Researcher

João Pedro Soares de Alcântara

More Details >

Word Freshener <= 1.3 - Cross-Site Request Forgery to Stored Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2025-23577

Patch Status
Unpatched

Published
Jan 16, 2025

Affected Software
Word Freshener

Researcher

SOPROBRO

More Details >

WordPress Additional Logins <= 1.0.0 - Reflected Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2025-23614

Patch Status
Unpatched

Published
Jan 16, 2025

Affected Software
WordPress Additional Logins

Researcher

João Pedro Soares de Alcântara

More Details >

WordPress Data Guard <= 8 - Cross-Site Request Forgery to Stored Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2025-23828

Patch Status
Unpatched

Published
Jan 16, 2025

Affected Software
WordPress Data Guard [Website Security]

Researcher

SOPROBRO

More Details >

WordPress File Search <= 1.2 - Reflected Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2025-23867

Patch Status
Unpatched

Published
Jan 16, 2025

Affected Software
WordPress File Search

Researcher

Le Ngoc Anh

More Details >

WordPress Gallery Plugin <= 1.4 - Cross-Site Request Forgery to Stored Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2025-23842

Patch Status
Unpatched

Published
Jan 16, 2025

Affected Software
WordPress Gallery Plugin

Researcher

SOPROBRO

More Details >

WordPress Logging Service <= 1.5.4 - Cross-Site Request Forgery to Stored Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2025-23510

Patch Status
Unpatched

Published
Jan 16, 2025

Affected Software
WordPress Logging Service

Researcher

SOPROBRO

More Details >

WordPress 淘宝客插件 <= 1.1.2 - Reflected Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2025-23492

Patch Status
Unpatched

Published
Jan 16, 2025

Affected Software
WordPress 淘宝客插件

Researcher

João Pedro Soares de Alcântara

More Details >

WordPress-to-candidate for Salesforce CRM <= 1.0.1 - Reflected Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2025-23657

Patch Status
Unpatched

Published
Jan 16, 2025

Affected Software
WordPress-to-candidate for Salesforce CRM

Researcher

João Pedro Soares de Alcântara

More Details >

World Cup Predictor <= 1.9.6 - Reflected Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2025-22794

Patch Status
Unpatched

Published
Jan 13, 2025

Affected Software
World Cup Predictor

Researcher

Le Ngoc Anh

More Details >

WOW Best CSS Compiler <= 2.0.2 - Reflected Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2025-23588

Patch Status
Unpatched

Published
Jan 16, 2025

Affected Software
WOW Best CSS Compiler

Researcher

João Pedro Soares de Alcântara

More Details >

WP Abstracts <= 2.7.2 - Cross-Site Request Forgery to Reflected Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2024-12385

Patch Status
Patched

Published
Jan 17, 2025

Affected Software
WP Abstracts

Researcher

vgo0

More Details >

WP Background Tile <= 1.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2025-23573

Patch Status
Unpatched

Published
Jan 16, 2025

Affected Software
WP Background Tile

Researcher

SOPROBRO

More Details >

WP Bulletin Board <= 1.1.4 - Reflected Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2025-22776

Patch Status
Unpatched

Published
Jan 14, 2025

Affected Software
WP Bulletin Board

Researcher

Le Ngoc Anh

More Details >

WP Contest <= 1.0.0 - Reflected Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2025-23538

Patch Status
Unpatched

Published
Jan 16, 2025

Affected Software
WP Contest

Researcher

João Pedro Soares de Alcântara

More Details >

WP Cookies Alert <= 1.1.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2025-23821

Patch Status
Unpatched

Published
Jan 16, 2025

Affected Software
WP Cookies Alert

Researcher

SOPROBRO

More Details >

WP Custom Google Search <= 1.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2025-23698

Patch Status
Unpatched

Published
Jan 16, 2025

Affected Software
WP Custom Google Search

Researcher

SOPROBRO

More Details >

WP Download Codes <= 2.5.4 - Reflected Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2025-23882

Patch Status
Unpatched

Published
Jan 16, 2025

Affected Software
WP Download Codes

Researcher

João Pedro Soares de Alcântara

More Details >

WP Dream Carousel <= 1.0.1b - Reflected Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2024-13331

Patch Status
Unpatched

Published
Jan 14, 2025

Affected Software
WP Dream Carousel

Researcher

Hassan Khan Yusufzai - Splint3r7

More Details >

WP FixTag <= v2.0.2 - Reflected Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2025-23564

Patch Status
Unpatched

Published
Jan 16, 2025

Affected Software
WP FixTag

Researcher

João Pedro Soares de Alcântara

More Details >

WP FPO <= 1.0 - Reflected Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2025-23496

Patch Status
Unpatched

Published
Jan 16, 2025

Affected Software
WP FPO

Researcher

João Pedro Soares de Alcântara

More Details >

WP Front-end login and register <= 2.1.0 - Reflected Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2025-23540

Patch Status
Unpatched

Published
Jan 16, 2025

Affected Software
WP Front-end login and register

Researcher

João Pedro Soares de Alcântara

More Details >

WP Headmaster <= 0.3 - Reflected Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2025-22755

Patch Status
Unpatched

Published
Jan 14, 2025

Affected Software
WP Headmaster

Researcher

0xd4rk5id3

More Details >

WP IMAP Auth <= 4.0.1 - Reflected Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2025-23506

Patch Status
Unpatched

Published
Jan 16, 2025

Affected Software
WP IMAP Auth

Researcher

João Pedro Soares de Alcântara

More Details >

WP Intro.JS Plugin <= 1.1 - Reflected Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2025-23576

Patch Status
Unpatched

Published
Jan 16, 2025

Affected Software
WP Intro.JS Plugin

Researcher

João Pedro Soares de Alcântara

More Details >

WP Inventory Manager <= 2.3.2 - Reflected Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2024-13434

Patch Status
Patched

Published
Jan 16, 2025

Affected Software
WP Inventory Manager

Researcher

Le Ngoc Anh

More Details >

WP Login Attempt Log <= 1.3 - Reflected Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2025-23568

Patch Status
Unpatched

Published
Jan 16, 2025

Affected Software
WP Login Attempt Log

Researcher

João Pedro Soares de Alcântara

More Details >

WP Lyrics <= 0.4.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2025-23533

Patch Status
Unpatched

Published
Jan 16, 2025

Affected Software
WP Lyrics

Researcher

SOPROBRO

More Details >

WP OpenSearch <= 1.0 - Reflected Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2025-23671

Patch Status
Unpatched

Published
Jan 16, 2025

Affected Software
WP OpenSearch

Researcher

SOPROBRO

More Details >

WP Order By <= 1.4.2 - Reflected Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2025-22765

Patch Status
Unpatched

Published
Jan 14, 2025

Affected Software
WP Order By

Researcher

Le Ngoc Anh

More Details >

WP Post Category Notifications <= 1.0 - Reflected Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2025-23586

Patch Status
Unpatched

Published
Jan 16, 2025

Affected Software
WP Post Category Notifications

Researcher

João Pedro Soares de Alcântara

More Details >

WP Post Corrector <= 1.0.2 - Reflected Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2025-22764

Patch Status
Unpatched

Published
Jan 14, 2025

Affected Software
WP Post Corrector

Researcher

Le Ngoc Anh

More Details >

WP Projects Portfolio with Client Testimonials <= 3.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2024-13115

Patch Status
Unpatched

Published
Jan 14, 2025

Affected Software
WP Projects Portfolio with Client Testimonials

Researcher

Bob Matyas

More Details >

WP Projects Portfolio with Client Testimonials <= 3.0 - Reflected Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2024-13114

Patch Status
Unpatched

Published
Jan 14, 2025

Affected Software
WP Projects Portfolio with Client Testimonials

Researcher

Hassan Khan Yusufzai - Splint3r7

More Details >

WP PT-Viewer <= 2.0.2 - Reflected Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2025-23438

Patch Status
Unpatched

Published
Jan 16, 2025

Affected Software
WP PT-Viewer

Researcher

Joshua Chan

More Details >

WP Query Creator <= 1.0 - Reflected Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2025-22264

Patch Status
Unpatched

Published
Jan 18, 2025

Affected Software
WP Query Creator

Researcher

SOPROBRO

More Details >

WP Service Payment Form With Authorize.net <= 2.6.0 - Cross-Site Request Forgery to Reflected Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2025-23804

Patch Status
Unpatched

Published
Jan 16, 2025

Affected Software
WP Service Payment Form With Authorize.net

Researcher

0xd4rk5id3

More Details >

WP Social Broadcast <= 1.0.0 - Reflected Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2025-23545

Patch Status
Unpatched

Published
Jan 16, 2025

Affected Software
WP Social Broadcast

Researcher

João Pedro Soares de Alcântara

More Details >

WP SpaceContent <= 0.4.5 - Cross-Site Request Forgery to Stored Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2025-23446

Patch Status
Unpatched

Published
Jan 16, 2025

Affected Software
WP SpaceContent

Researcher

SOPROBRO

More Details >

WP Ultimate Reviews FREE <= 1.0.2 - Reflected Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2025-23739

Patch Status
Unpatched

Published
Jan 16, 2025

Affected Software
WP Ultimate Reviews FREE

Researcher

João Pedro Soares de Alcântara

More Details >

WP VTiger Synchronization <= 1.1.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2025-23455

Patch Status
Unpatched

Published
Jan 16, 2025

Affected Software
WP VTiger Synchronization

Researcher

SOPROBRO

More Details >

WP-Announcements <= 1.8 - Reflected Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2025-23489

Patch Status
Unpatched

Published
Jan 16, 2025

Affected Software
WP-Announcements

Researcher

SOPROBRO

More Details >

WP-BlackCheck <= 2.7.2 - Cross-Site Request Forgery to Stored Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2025-23511

Patch Status
Unpatched

Published
Jan 16, 2025

Affected Software
WP-BlackCheck

Researcher

SOPROBRO

More Details >

WP-Clap <= 1.5 - Reflected Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2025-23647

Patch Status
Unpatched

Published
Jan 16, 2025

Affected Software
WP-Clap

Researcher

SOPROBRO

More Details >

wp-flickr-press <= 2.6.4 - Reflected Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2025-23894

Patch Status
Unpatched

Published
Jan 16, 2025

Affected Software
wp-flickr-press

Researcher

Le Ngoc Anh

More Details >

WP-HR Manager: The Human Resources Plugin for WordPress <= 3.1.0 - Reflected Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2025-23843

Patch Status
Patched

Published
Jan 16, 2025

Affected Software
WP-HR Manager: The Human Resources Plugin for WordPress

Researcher

SOPROBRO

More Details >

WP-NOTCAPTCHA <= 1.3.1 - Reflected Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2025-23840

Patch Status
Unpatched

Published
Jan 16, 2025

Affected Software
WP-NOTCAPTCHA

Researcher

0xd4rk5id3

More Details >

Wp-Scribd-List <= 1.2 - Cross-Site Request Forgery to Stored Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2025-23436

Patch Status
Unpatched

Published
Jan 16, 2025

Affected Software
Wp-Scribd-List

Researcher

Joshua Chan

More Details >

WP2APP <= 2.6.2 - Reflected Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2025-23811

Patch Status
Unpatched

Published
Jan 16, 2025

Affected Software
WP2APP

Researcher

0xd4rk5id3

More Details >

WpDevTool <= 0.1.1 - Reflected Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2025-23624

Patch Status
Unpatched

Published
Jan 16, 2025

Affected Software
WpDevTool

Researcher

SOPROBRO

More Details >

XTRA Settings <= 2.1.8 - Reflected Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2025-23729

Patch Status
Unpatched

Published
Jan 16, 2025

Affected Software
XTRA Settings

Researcher

thiennv

More Details >

yCyclista <= 1.2.3 - Reflected Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2025-23700

Patch Status
Unpatched

Published
Jan 16, 2025

Affected Software
yCyclista

Researcher

SOPROBRO

More Details >

Youtube Video Grid | Youmax <= 1.9 - Reflected Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2025-23634

Patch Status
Unpatched

Published
Jan 16, 2025

Affected Software
Youtube Video Grid | Youmax

Researcher

thiennv

More Details >

Zarinpal Paid Download <= 2.3 - Reflected Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2025-22766

Patch Status
Unpatched

Published
Jan 14, 2025

Affected Software
Zarinpal Paid Download

Researcher

João Pedro Soares de Alcântara

More Details >

新淘客WordPress插件 <= 1.1.2 - Reflected Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2025-23637

Patch Status
Unpatched

Published
Jan 16, 2025

Affected Software
新淘客WordPress插件

Researcher

João Pedro Soares de Alcântara

More Details >

WP All Import Pro <= 4.9.7 - Authenticated (Administrator+) Stored Cross-Site Scripting via SVG File Upload

5.5

CVSS Rating
Medium (5.5)

CVE-ID
CVE-2024-8722

Patch Status
Patched

Published
Jan 18, 2025

Affected Software
WP All Import Pro

Researcher

Francesco Carlucci

More Details >

Admin and Customer Messages After Order for WooCommerce <= 13.2 - Authenticated (Subscriber+) Limited File Upload to Cross-Site Scripting

5.4

CVSS Rating
Medium (5.4)

CVE-ID
CVE-2024-13355

Patch Status
Patched

Published
Jan 15, 2025

Affected Software
Admin and Customer Messages After Order for WooCommerce: OrderConvo

Researcher

1337_Wannabe

More Details >

GravityForms 2.9.0.1 - 2.9.1.3 - Unauthenticated Stored Cross-Site Scripting via 'style_settings' parameter

5.4

CVSS Rating
Medium (5.4)

CVE-ID
CVE-2024-13378

Patch Status
Patched

Published
Jan 16, 2025

Affected Software
Gravity Forms

Researcher

mikemyers

More Details >

Motors – Car Dealer, Classifieds & Listing <= 1.4.43 - Authenticated (Subscriber+) Arbitrary Shortcode Execution via Custom Title

5.4

CVSS Rating
Medium (5.4)

CVE-ID
CVE-2024-10970

Patch Status
Patched

Published
Jan 15, 2025

Affected Software
Motors – Car Dealership & Classified Listings Plugin

Researchers

ghsinfosec

C_T_R_L

More Details >

Booking and Rental Manager for Bike | Car | Resort | Appointment | Dress | Equipment plugin for WordPress <= 2.2.1 - Missing Authorization

5.3

CVSS Rating
Medium (5.3)

CVE-ID
CVE-2025-22720

Patch Status
Patched

Published
Jan 15, 2025

Affected Software
Booking and Rental Manager for Bike | Car | Resort | Appointment | Dress | Equipment

Researcher

Kévin Mosbahi (Mika)

More Details >

Contact Form 7 Anti Spambot <= 1.0.1 - Missing Authorization

5.3

CVSS Rating
Medium (5.3)

CVE-ID
CVE-2025-23862

Patch Status
Unpatched

Published
Jan 16, 2025

Affected Software
Contact Form 7 Anti Spambot

Researcher

Kévin Mosbahi (Mika)

More Details >

Copy Move Posts <= 1.6 - Missing Authorization

5.3

CVSS Rating
Medium (5.3)

CVE-ID
CVE-2025-23764

Patch Status
Unpatched

Published
Jan 16, 2025

Affected Software
Copy Move Posts

Researcher

Kévin Mosbahi (Mika)

More Details >

Download Manager <= 3.3.06 - Unauthenticated Information Disclosure via Unprotected Directory

5.3

CVSS Rating
Medium (5.3)

CVE-ID
CVE-2024-13126

Patch Status
Patched

Published
Jan 17, 2025

Affected Software
Download Manager

Researcher

Dmitrii Ignatyev

More Details >

EMI Calculator <= 1.1 - Missing Authorization to Unauthenticated Settings Change

5.3

CVSS Rating
Medium (5.3)

CVE-ID
CVE-2025-22265

Patch Status
Unpatched

Published
Jan 18, 2025

Affected Software
EMI Calculator

Researcher

Kévin Mosbahi (Mika)

More Details >

Event monster <= 1.4.3 - Information Exposure Via Visitors List Export

5.3

CVSS Rating
Medium (5.3)

CVE-ID
CVE-2024-11396

Patch Status
Patched

Published
Jan 13, 2025

Affected Software
Event Monster – Event Management, Tickets Booking, Upcoming Event

Researcher

mike harris (mikeyh)

More Details >

Evergreen Content Poster – Auto Post and Schedule Your Best Content to Social Media <= 1.4.4 - Missing Authorization to Unauthenticated Arbitrary Post Deletion

5.3

CVSS Rating
Medium (5.3)

CVE-ID
CVE-2024-12071

Patch Status
Patched

Published
Jan 17, 2025

Affected Software
Evergreen Content Poster – Auto Post and Schedule Your Best Content to Social Media

Researcher

Brian Sans-Souci (liardom)

More Details >

Htaccess File Editor <= 1.0.19 - Unauthenticated Information Exposure

5.3

CVSS Rating
Medium (5.3)

CVE-ID
CVE-2025-22773

Patch Status
Patched

Published
Jan 14, 2025

Affected Software
Htaccess File Editor – Easily Edit, Backup, Restore .htaccess file

Researcher

SavPhill (Savphill)

More Details >

Ksher <= 1.1.2 - Missing Authorization

5.3

CVSS Rating
Medium (5.3)

CVE-ID
CVE-2025-22730

Patch Status
Patched

Published
Jan 15, 2025

Affected Software
Ksher

Researcher

Kévin Mosbahi (Mika)

More Details >

Loginplus <= 1.2 - Missing Authorization

5.3

CVSS Rating
Medium (5.3)

CVE-ID
CVE-2025-23514

Patch Status
Unpatched

Published
Jan 16, 2025

Affected Software
Loginplus

Researcher

Kévin Mosbahi (Mika)

More Details >

Moving Users <= 1.05 - Unauthenticated Sensitive Information Exposure

5.3

CVSS Rating
Medium (5.3)

CVE-ID
CVE-2024-12637

Patch Status
Patched

Published
Jan 16, 2025

Affected Software
Moving Users

Researcher

omstaendlig

More Details >

Multi Step Form <= 1.7.23 - Missing Authorization to Unauthenticated Limited File Upload

5.3

CVSS Rating
Medium (5.3)

CVE-ID
CVE-2024-12427

Patch Status
Patched

Published
Jan 15, 2025

Affected Software
Multi Step Form

Researcher

Ryan Zegar

More Details >

My Tickets <= 2.0.9 - Missing Authorization

5.3

CVSS Rating
Medium (5.3)

CVE-ID
CVE-2025-22717

Patch Status
Patched

Published
Jan 15, 2025

Affected Software
My Tickets – Accessible Event Ticketing

Researcher

Kévin Mosbahi (Mika)

More Details >

OPSI Israel Domestic Shipments <= 2.6.7 - Missing Authorization

5.3

CVSS Rating
Medium (5.3)

CVE-ID
CVE-2025-23766

Patch Status
Unpatched

Published
Jan 16, 2025

Affected Software
OPSI Israel Domestic Shipments

Researcher

Kévin Mosbahi (Mika)

More Details >

Push Notification for Post and BuddyPress <= 2.11 - Missing Authorization to Unauthenticated Settings Update

5.3

CVSS Rating
Medium (5.3)

CVE-ID
CVE-2025-23771

Patch Status
Patched

Published
Jan 16, 2025

Affected Software
Push Notification for Post and BuddyPress

Researcher

Kévin Mosbahi (Mika)

More Details >

Realty Workstation <= 1.0.45 - Missing Authorization

5.3

CVSS Rating
Medium (5.3)

CVE-ID
CVE-2025-23477

Patch Status
Unpatched

Published
Jan 16, 2025

Affected Software
Realty Workstation

Researcher

ghsinfosec

More Details >

Sensei LMS – Online Courses, Quizzes, & Learning <= 4.24.3 - Unauthenticated Information Exposure

5.3

CVSS Rating
Medium (5.3)

CVE-ID
CVE-2025-0466

Patch Status
Patched

Published
Jan 14, 2025

Affected Software
Sensei LMS – Online Courses, Quizzes, & Learning

Researcher

Li Xuhang

More Details >

Setup Default Featured Image <= 1.2 - Missing Authorization

5.3

CVSS Rating
Medium (5.3)

CVE-ID
CVE-2025-24642

Patch Status
Patched

Published
Jan 14, 2025

Affected Software
Setup Default Featured Image

Researcher

Kévin Mosbahi (Mika)

More Details >

Team 118GROUP Agent <= 1.6.0 - Missing Authorization to Unauthenticated Arbitrary Content Deletion

5.3

CVSS Rating
Medium (5.3)

CVE-ID
CVE-2025-23512

Patch Status
Unpatched

Published
Jan 16, 2025

Affected Software
Team 118GROUP Agent

Researcher

Kévin Mosbahi (Mika)

More Details >

Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin <= 2.9.1 - Information Exposure

5.3

CVSS Rating
Medium (5.3)

CVE-ID
CVE-2025-0318

Patch Status
Patched

Published
Jan 17, 2025

Affected Software
Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin

Researcher

mikemyers

More Details >

W3 Total Cache <= 2.8.1 Information Exposure via Log Files

5.3

CVSS Rating
Medium (5.3)

CVE-ID
CVE-2024-12008

Patch Status
Patched

Published
Jan 13, 2025

Affected Software
W3 Total Cache

Researcher

villu164

More Details >

W3 Total Cache <= 2.8.1 Missing Authorization to Unauthenticated Plugin Deactivation and Extensions Activation/Deactivation

5.3

CVSS Rating
Medium (5.3)

CVE-ID
CVE-2024-12006

Patch Status
Patched

Published
Jan 13, 2025

Affected Software
W3 Total Cache

Researcher

villu164

More Details >

WM Options Import Export <= 1.0.1 - Unauthenticated Information Exposure

5.3

CVSS Rating
Medium (5.3)

CVE-ID
CVE-2025-23781

Patch Status
Unpatched

Published
Jan 16, 2025

Affected Software
WM Options Import Export

Researcher

Kévin Mosbahi (Mika)

More Details >

WP Hotel Booking <= 2.1.5 - Missing Authorization

5.3

CVSS Rating
Medium (5.3)

CVE-ID
CVE-2024-12370

Patch Status
Patched

Published
Jan 16, 2025

Affected Software
WP Hotel Booking

Researcher

Thanh Nam Tran

More Details >

WPDB to Sql <= 1.2 - Unauthenticated Sensitive Information Exposure

5.3

CVSS Rating
Medium (5.3)

CVE-ID
CVE-2025-23774

Patch Status
Unpatched

Published
Jan 16, 2025

Affected Software
WPDB to Sql

Researcher

Kévin Mosbahi (Mika)

More Details >

WpTravelly <= 1.8.5 - Missing Authorization

5.3

CVSS Rating
Medium (5.3)

CVE-ID
CVE-2025-22737

Patch Status
Patched

Published
Jan 14, 2025

Affected Software
WordPress Tour & Travel Booking Plugin for WooCommerce – WpTravelly

Researcher

thiennv

More Details >

Contact Form 7 Round Robin Lead Distribution <= 1.2.1 - Authenticated (Administrator+) SQL Injection

4.9

CVSS Rating
Medium (4.9)

CVE-ID
CVE-2025-23784

Patch Status
Unpatched

Published
Jan 16, 2025

Affected Software
Contact Form 7 Round Robin Lead Distribution

Researcher

João Pedro Soares de Alcântara

More Details >

Easy Code Snippets <= 1.0.2 - Authenticated (Administrator+) SQL Injection

4.9

CVSS Rating
Medium (4.9)

CVE-ID
CVE-2025-23780

Patch Status
Unpatched

Published
Jan 16, 2025

Affected Software
Easy Code Snippets

Researcher

João Pedro Soares de Alcântara

More Details >

ResAds <= 2.0.5 - Authenticated (Administrator+) SQL Injection

4.9

CVSS Rating
Medium (4.9)

CVE-ID
CVE-2025-23779

Patch Status
Unpatched

Published
Jan 16, 2025

Affected Software
ResAds

Researcher

João Pedro Soares de Alcântara

More Details >

Smart Manager <= 8.52.0 - Authenticated (Administrator+) SQL Injection

4.9

CVSS Rating
Medium (4.9)

CVE-ID
CVE-2025-22710

Patch Status
Patched

Published
Jan 15, 2025

Affected Software
WooCommerce Advanced Bulk Edit Products, Orders, Coupons, Any WordPress Post Type – Smart Manager

Researcher

Webula

More Details >

Bonjour Bar <= 1.0.0 - Authenticated (Administrator+) Stored Cross-Site Scripting

4.4

CVSS Rating
Medium (4.4)

CVE-ID
CVE-2025-22262

Patch Status
Unpatched

Published
Jan 18, 2025

Affected Software
bonjour-bar

Researcher

Pham Van Tam

More Details >

Easy Digital Downloads – Sell Digital Files & Subscriptions (eCommerce Store + Payments Made Easy) <= 3.3.2 - Authenticated (Admin+) Stored Cross-Site Scripting via Title

4.4

CVSS Rating
Medium (4.4)

CVE-ID
CVE-2024-13517

Patch Status
Patched

Published
Jan 17, 2025

Affected Software
Easy Digital Downloads – eCommerce Payments and Subscriptions made easy

Researcher

Sajjad Ahmad (jack_sparrow)

More Details >

Everest Forms – Contact Forms, Quiz, Survey, Newsletter & Payment Form Builder for WordPress <= 3.0.8 - Authenticated (Admin+) Stored Cross-Site Scripting

4.4

CVSS Rating
Medium (4.4)

CVE-ID
CVE-2024-13125

Patch Status
Patched

Published
Jan 17, 2025

Affected Software
Everest Forms – Contact Form, Quiz, Survey, Newsletter & Payment Form Builder for WordPress

Researcher

Dmitrii Ignatyev

More Details >

MarketKing — Ultimate WooCommerce Multivendor Marketplace Solution <= 1.9.80 - Authenticated (Shop Manager+) Stored Cross-Site Scripting

4.4

CVSS Rating
Medium (4.4)

CVE-ID
CVE-2024-13519

Patch Status
Patched

Published
Jan 17, 2025

Affected Software
MarketKing — Ultimate WooCommerce Multivendor Marketplace Solution

Researcher

Karolina Jankowska

More Details >

Podlove Podcast Publisher <= 4.1.25 - Authenticated (Admin+) Stored Cross-Site Scripting via Feed Name

4.4

CVSS Rating
Medium (4.4)

CVE-ID
CVE-2025-0554

Patch Status
Patched

Published
Jan 17, 2025

Affected Software
Podlove Podcast Publisher

Researchers

Jon Cagan

VigilAInce Seeker

More Details >

Post-to-Post Links <= 4.2 - Authenticated (Administrator+) Stored Cross-Site Scripting

4.4

CVSS Rating
Medium (4.4)

CVE-ID
CVE-2025-23878

Patch Status
Unpatched

Published
Jan 16, 2025

Affected Software
Post-to-Post Links

Researcher

Pham Van Tam

More Details >

Posts Footer Manager <= 2.1.0 - Authenticated (Administrator+) Stored Cross-Site Scripting

4.4

CVSS Rating
Medium (4.4)

CVE-ID
CVE-2025-22734

Patch Status
Patched

Published
Jan 14, 2025

Affected Software
Posts Footer Manager

Researcher

Pham Van Tam

More Details >

Related Post Shortcode <= 1.2 - Authenticated (Administrator+) Stored Cross-Site Scripting

4.4

CVSS Rating
Medium (4.4)

CVE-ID
CVE-2025-22276

Patch Status
Unpatched

Published
Jan 18, 2025

Affected Software
Related Post Shortcode

Researcher

Pham Ngoc Duy

More Details >

RSS Icon Widget <= 5.2 - Authenticated (Administrator+) Stored Cross-Site Scripting

4.4

CVSS Rating
Medium (4.4)

CVE-ID
CVE-2024-12203

Patch Status
Unpatched

Published
Jan 16, 2025

Affected Software
RSS Icon Widget

Researcher

Yamil

More Details >

Shoutcast and Icecast HTML5 Web Radio Player by YesStreaming.com <= 3.3 - Authenticated (Editor+) Stored Cross-Site Scripting

4.4

CVSS Rating
Medium (4.4)

CVE-ID
CVE-2025-23854

Patch Status
Unpatched

Published
Jan 16, 2025

Affected Software
Shoutcast and Icecast HTML5 Web Radio Player by YesStreaming.com

Researcher

SOPROBRO

More Details >

WordPress HelpDesk & Support Ticket System Plugin – Octrace Support <= 1.2.7 - Authenticated (Administrator+) Stored Cross-Site Scripting

4.4

CVSS Rating
Medium (4.4)

CVE-ID
CVE-2025-22762

Patch Status
Unpatched

Published
Jan 14, 2025

Affected Software
WordPress HelpDesk & Support Ticket System Plugin – Octrace Support

Researcher

UKO

More Details >

WP ULike <= 4.7.6 - Authenticated (Administrator+) Stored Cross-Site Scripting

4.4

CVSS Rating
Medium (4.4)

CVE-ID
CVE-2025-22738

Patch Status
Patched

Published
Jan 14, 2025

Affected Software
WP ULike – All-in-One Engagement Toolkit

Researcher

Robert DeVore

More Details >

AI Responsive Gallery Album <= 1.4 - Missing Authorization

4.3

CVSS Rating
Medium (4.3)

CVE-ID
CVE-2025-23785

Patch Status
Unpatched

Published
Jan 16, 2025

Affected Software
AI Responsive Gallery Album

Researcher

Kévin Mosbahi (Mika)

More Details >

ApplyOnline – Application Form Builder and Manager <= 2.6.7.1 - Missing Authorization

4.3

CVSS Rating
Medium (4.3)

CVE-ID
CVE-2025-22721

Patch Status
Patched

Published
Jan 15, 2025

Affected Software
ApplyOnline – Application Form Builder and Manager

Researcher

Trương Hữu Phúc (truonghuuphuc)

More Details >

Build Private Store For Woocommerce <= 1.0 - Cross-Site Request Forgery

4.3

CVSS Rating
Medium (4.3)

CVE-ID
CVE-2025-22731

Patch Status
Patched

Published
Jan 14, 2025

Affected Software
Build Private Store For Woocommerce

Researcher

Kévin Mosbahi (Mika)

More Details >

Button Block <= 1.1.5 - Missing Authorization

4.3

CVSS Rating
Medium (4.3)

CVE-ID
CVE-2025-22787

Patch Status
Patched

Published
Jan 13, 2025

Affected Software
Button Block – Get fully customizable & multi-functional buttons

Researcher

Khalid Yusuf

More Details >

Buzz Club – Night Club, DJ and Music Festival Event WordPress Theme <= 2.0.4 - Missing Authorization to Authenticated (Subscriber+) Limited Arbitrary Option Update

4.3

CVSS Rating
Medium (4.3)

CVE-ID
CVE-2025-0515

Patch Status
Patched

Published
Jan 17, 2025

Affected Software
Buzz Club – Night Club, DJ and Music Festival Event WordPress Theme

Researcher

Lucio Sá

More Details >

Cache Sniper for Nginx <= 1.0.4.2 - Missing Authorization

4.3

CVSS Rating
Medium (4.3)

CVE-ID
CVE-2025-23776

Patch Status
Unpatched

Published
Jan 16, 2025

Affected Software
Cache Sniper for Nginx

Researcher

Kévin Mosbahi (Mika)

More Details >

Chamber Dashboard Business Directory <= 3.3.10 - Missing Authorization

4.3

CVSS Rating
Medium (4.3)

CVE-ID
CVE-2025-23917

Patch Status
Patched

Published
Jan 16, 2025

Affected Software
Chamber Dashboard Business Directory

Researcher

Abdi Pranata

More Details >

Debug Tool <= 2.2 - Missing Authorization

4.3

CVSS Rating
Medium (4.3)

CVE-ID
CVE-2025-23684

Patch Status
Unpatched

Published
Jan 16, 2025

Affected Software
Debug Tool

Researcher

Kévin Mosbahi (Mika)

More Details >

Donate visa <= 1.0.0 - Missing Authorization

4.3

CVSS Rating
Medium (4.3)

CVE-ID
CVE-2025-23656

Patch Status
Unpatched

Published
Jan 16, 2025

Affected Software
Donate visa

Researcher

SOPROBRO

More Details >

Elementor Addon Elements <= 1.13.10 - Authenticated (Contributor+) Sensitive Information Exposure via Modal Popup

4.3

CVSS Rating
Medium (4.3)

CVE-ID
CVE-2024-13215

Patch Status
Patched

Published
Jan 14, 2025

Affected Software
Elementor Addon Elements

Researcher

Ankit Patel

More Details >

Email Capture & Lead Generation <= 1.0.2 - Missing Authorization

4.3

CVSS Rating
Medium (4.3)

CVE-ID
CVE-2025-23929

Patch Status
Unpatched

Published
Jan 16, 2025

Affected Software
Email Capture & Lead Generation

Researcher

Abdi Pranata

More Details >

Goldstar <= 2.1.1 - Missing Authorization

4.3

CVSS Rating
Medium (4.3)

CVE-ID
CVE-2025-23962

Patch Status
Unpatched

Published
Jan 16, 2025

Affected Software
Goldstar

Researcher

Kévin Mosbahi (Mika)

More Details >

Interactive Page Hierarchy <= 1.0.1 - Missing Authorization

4.3

CVSS Rating
Medium (4.3)

CVE-ID
CVE-2025-23615

Patch Status
Unpatched

Published
Jan 16, 2025

Affected Software
Interactive Page Hierarchy

Researcher

Kévin Mosbahi (Mika)

More Details >

Mark Posts <= 2.2.4 - Missing Authorization

4.3

CVSS Rating
Medium (4.3)

CVE-ID
CVE-2025-23963

Patch Status
Patched

Published
Jan 16, 2025

Affected Software
Mark Posts

Researcher

Trương Hữu Phúc (truonghuuphuc)

More Details >

NitroPack <= 1.17.0 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Transient Update

4.3

CVSS Rating
Medium (4.3)

CVE-ID
CVE-2024-11851

Patch Status
Patched

Published
Jan 14, 2025

Affected Software
NitroPack – Caching & Speed Optimization for Core Web Vitals, Defer CSS & JS, Lazy load Images and CDN

Researcher

Sean Murphy

More Details >

PAPERCITE <= 0.5.18 - Missing Authorization

4.3

CVSS Rating
Medium (4.3)

CVE-ID
CVE-2025-23849

Patch Status
Unpatched

Published
Jan 16, 2025

Affected Software
PAPERCITE

Researcher

Kévin Mosbahi (Mika)

More Details >

PayPal Marketing Solutions <= 1.2 - Missing Authorization

4.3

CVSS Rating
Medium (4.3)

CVE-ID
CVE-2025-23930

Patch Status
Unpatched

Published
Jan 16, 2025

Affected Software
PayPal Marketing Solutions

Researcher

Kévin Mosbahi (Mika)

More Details >

Piotnet Addons For Elementor <= 2.4.32 - Authenticated (Contributor+) Post Disclosure

4.3

CVSS Rating
Medium (4.3)

CVE-ID
CVE-2024-10775

Patch Status
Patched

Published
Jan 14, 2025

Affected Software
Piotnet Addons For Elementor

Researcher

Francesco Carlucci

More Details >

RomethemeKit For Elementor <= 1.5.3 - Missing Authorization in save_options and reset_widgets

4.3

CVSS Rating
Medium (4.3)

CVE-ID
CVE-2024-10326

Patch Status
Patched

Published
Jan 14, 2025

Affected Software
RomethemeKit For Elementor

Researchers

Tieu Pham Trong Nhan

incognito

More Details >

Salvador – AI Image Generator <= 1.0.11 - Missing Authorization

4.3

CVSS Rating
Medium (4.3)

CVE-ID
CVE-2025-23954

Patch Status
Unpatched

Published
Jan 16, 2025

Affected Software
Salvador – AI Image Generator

Researcher

Kévin Mosbahi (Mika)

More Details >

SendGrid for WordPress <= 1.4 - Missing Authorization

4.3

CVSS Rating
Medium (4.3)

CVE-ID
CVE-2025-23423

Patch Status
Unpatched

Published
Jan 16, 2025

Affected Software
SendGrid for WordPress

Researcher

Ananda Dhakal

More Details >

ShipWorks Connector for Woocommerce <= 5.2.5 - Cross-Site Request Forgery to Service Password/Username Update

4.3

CVSS Rating
Medium (4.3)

CVE-ID
CVE-2024-13317

Patch Status
Patched

Published
Jan 17, 2025

Affected Software
ShipWorks Connector for Woocommerce

Researcher

SOPROBRO

More Details >

Slides & Presentations <= 0.0.39 - Missing Authorization to Content Injection

4.3

CVSS Rating
Medium (4.3)

CVE-ID
CVE-2025-23919

Patch Status
Unpatched

Published
Jan 16, 2025

Affected Software
Slides & Presentations

Researcher

Caesar Evan Santoso

More Details >

Sur.ly <= 3.0.3 - Missing Authorization

4.3

CVSS Rating
Medium (4.3)

CVE-ID
CVE-2025-23957

Patch Status
Unpatched

Published
Jan 16, 2025

Affected Software
Sur.ly

Researcher

Kévin Mosbahi (Mika)

More Details >

User Sync ActiveCampaign <= 1.3.2 - Missing Authorization

4.3

CVSS Rating
Medium (4.3)

CVE-ID
CVE-2025-23778

Patch Status
Unpatched

Published
Jan 16, 2025

Affected Software
User Sync ActiveCampaign

Researcher

Kévin Mosbahi (Mika)

More Details >

VikAppointments Services Booking Calendar <= 1.2.16 - Cross-Site Request Forgery

4.3

CVSS Rating
Medium (4.3)

CVE-ID
CVE-2025-22719

Patch Status
Patched

Published
Jan 15, 2025

Affected Software
VikAppointments Services Booking Calendar

Researcher

Dhabaleshwar Das

More Details >

VOD Infomaniak <= 1.5.9 - Missing Authorization

4.3

CVSS Rating
Medium (4.3)

CVE-ID
CVE-2025-22729

Patch Status
Patched

Published
Jan 14, 2025

Affected Software
VOD Infomaniak

Researcher

Kévin Mosbahi (Mika)

More Details >

WAH Forms <= 1.0 - Missing Authorization

4.3

CVSS Rating
Medium (4.3)

CVE-ID
CVE-2025-23763

Patch Status
Unpatched

Published
Jan 16, 2025

Affected Software
WAH Forms

Researcher

Kévin Mosbahi (Mika)

More Details >

Widget Options <= 4.0.8 - Missing Authorization to Notice Dismissal

4.3

CVSS Rating
Medium (4.3)

CVE-ID
CVE-2025-22722

Patch Status
Patched

Published
Jan 15, 2025

Affected Software
Widget Options – The #1 WordPress Widget & Block Control Plugin

Researcher

Trương Hữu Phúc (truonghuuphuc)

More Details >

Woo Tuner <= 0.1.2 - Missing Authorization

4.3

CVSS Rating
Medium (4.3)

CVE-ID
CVE-2025-23761

Patch Status
Unpatched

Published
Jan 16, 2025

Affected Software
Woo Tuner

Researcher

Kévin Mosbahi (Mika)

More Details >

WordPress Graphs & Charts <= 2.0.8 - Missing Authorization

4.3

CVSS Rating
Medium (4.3)

CVE-ID
CVE-2025-23961

Patch Status
Unpatched

Published
Jan 16, 2025

Affected Software
WordPress Graphs & Charts – Easy Interactive HTML5 Charts Plugin

Researcher

Abdi Pranata

More Details >

WP Journal <= 1.1 - Missing Authorization

4.3

CVSS Rating
Medium (4.3)

CVE-ID
CVE-2025-23613

Patch Status
Unpatched

Published
Jan 16, 2025

Affected Software
WP Journal

Researcher

Kévin Mosbahi (Mika)

More Details >

WP Meetup <= 2.3.0 - Missing Authorization to Authenticated (Subscriber+) Settings Update

4.3

CVSS Rating
Medium (4.3)

CVE-ID
CVE-2025-23916

Patch Status
Unpatched

Published
Jan 16, 2025

Affected Software
WP Meetup

Researcher

Kévin Mosbahi (Mika)

More Details >

WP News Sliders <= 1.0 - Missing Authorization

4.3

CVSS Rating
Medium (4.3)

CVE-ID
CVE-2025-22779

Patch Status
Unpatched

Published
Jan 14, 2025

Affected Software
WP News Sliders

Researcher

Kévin Mosbahi (Mika)

More Details >

WP User Profile Avatar <= 1.0.5 - Cross-Site Request Forgery to Settings Update

4.3

CVSS Rating
Medium (4.3)

CVE-ID
CVE-2024-10789

Patch Status
Patched

Published
Jan 15, 2025

Affected Software
WP User Profile Avatar

Researcher

muhammad yudha

More Details >

WPLingo – Forum Plugin <= 1.1.2 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Content Deletion

4.3

CVSS Rating
Medium (4.3)

CVE-ID
CVE-2025-23534

Patch Status
Unpatched

Published
Jan 16, 2025

Affected Software
WPLingo – Forum Plugin

Researcher

Kévin Mosbahi (Mika)

More Details >

Xola <= 1.6 - Missing Authorization

4.3

CVSS Rating
Medium (4.3)

CVE-ID
CVE-2025-23955

Patch Status
Unpatched

Published
Jan 16, 2025

Affected Software
Xola

Researcher

Kévin Mosbahi (Mika)

More Details >

WPSyncSheets Lite For Elementor – Elementor Pro Form Google Spreadsheet Addon <= 1.4 - Running Vulnerable Dependencies

3.7

CVSS Rating
Low (3.7)

CVE-ID
Unknown

Patch Status
Patched

Published
Jan 17, 2025

Affected Software
WPSyncSheets Lite For Elementor – Elementor Pro Form Google Spreadsheet Addon

Researcher(s): Unknown

More Details >

Envo Multipurpose <= 1.1.6 - Missing Authorization

3.1

CVSS Rating
Low (3.1)

CVE-ID
CVE-2025-22770

Patch Status
Unpatched

Published
Jan 14, 2025

Affected Software
Envo Multipurpose

Researcher

Fariq Fadillah Gusti Insani (fariqfgi)

More Details >