Full List

Search

Recent Vulnerabilities

• CVE-2025-48266 • published on May 19, 2025 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in RealMag777 Active Products Tables for WooCommerce allows Stored XSS. This issue affects Active Products Tables for WooCommerce: from n/a through 1.0.6.8.

  ---

• CVE-2025-48265 • published on May 19, 2025 Cross-Site Request Forgery (CSRF) vulnerability in Pektsekye Year Make Model Search for WooCommerce allows Cross Site Request Forgery. This issue affects Year Make Model Search for WooCommerce: from n/a through 1.0.11.

  ---

• CVE-2025-48264 • published on May 19, 2025 Cross-Site Request Forgery (CSRF) vulnerability in artiosmedia Product Code for WooCommerce allows Cross Site Request Forgery. This issue affects Product Code for WooCommerce: from n/a through 1.5.0.

  ---

• CVE-2025-48263 • published on May 19, 2025 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in MultiVendorX MultiVendorX allows Stored XSS. This issue affects MultiVendorX: from n/a through 4.2.22.

  ---

• CVE-2025-48262 • published on May 19, 2025 Missing Authorization vulnerability in Michael Revellin-Clerc Url Rewrite Analyzer allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Url Rewrite Analyzer: from n/a through 1.3.3.

  ---

• CVE-2025-48260 • published on May 19, 2025 Missing Authorization vulnerability in Ninja Team GDPR CCPA Compliance Support allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects GDPR CCPA Compliance Support: from n/a through 2.7.3.

  ---

• CVE-2025-48259 • published on May 19, 2025 Cross-Site Request Forgery (CSRF) vulnerability in Juan Carlos WP Mapa Politico España allows Cross Site Request Forgery. This issue affects WP Mapa Politico España: from n/a through 3.8.0.

  ---

• CVE-2025-48258 • published on May 19, 2025 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in jetmonsters Mega Menu Block allows Stored XSS. This issue affects Mega Menu Block: from n/a through 1.0.6.

  ---

• CVE-2025-48257 • published on May 19, 2025 Missing Authorization vulnerability in Projectopia Projectopia allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Projectopia: from n/a through 5.1.17.

  ---

• CVE-2025-48256 • published on May 19, 2025 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Xylus Themes Import Social Events allows Stored XSS. This issue affects Import Social Events: from n/a through 1.8.5.

  ---

• CVE-2025-48255 • published on May 19, 2025 Cross-Site Request Forgery (CSRF) vulnerability in videowhisper Broadcast Live Video – Live Streaming : WebRTC, HLS, RTSP, RTMP allows Cross Site Request Forgery. This issue affects Broadcast Live Video – Live Streaming : WebRTC, HLS, RTSP, RTMP: from n/a through 6.2.4.

  ---

• CVE-2025-48254 • published on May 19, 2025 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPFactory Change Add to Cart Button Text for WooCommerce allows Stored XSS. This issue affects Change Add to Cart Button Text for WooCommerce: from n/a through 2.2.2.

  ---

• CVE-2025-48253 • published on May 19, 2025 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPFactory Free Shipping Bar: Amount Left for Free Shipping for WooCommerce allows Stored XSS. This issue affects Free Shipping Bar: Amount Left for Free Shipping for WooCommerce: from n/a through 2.4.6.

  ---

• CVE-2025-48252 • published on May 19, 2025 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPFactory Back Button Widget allows Stored XSS. This issue affects Back Button Widget: from n/a through 1.6.8.

  ---

• CVE-2025-48251 • published on May 19, 2025 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPFactory Additional Custom Emails & Recipients for WooCommerce allows Stored XSS. This issue affects Additional Custom Emails & Recipients for WooCommerce: from n/a through 3.5.1.

  ---

• CVE-2025-48250 • published on May 19, 2025 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPFactory Coupons & Add to Cart by URL Links for WooCommerce allows Stored XSS. This issue affects Coupons & Add to Cart by URL Links for WooCommerce: from n/a through 1.7.7.

  ---

• CVE-2025-48249 • published on May 19, 2025 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPFactory EAN for WooCommerce allows Stored XSS. This issue affects EAN for WooCommerce: from n/a through 5.4.6.

  ---

• CVE-2025-48248 • published on May 19, 2025 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPFactory Sitewide Discount for WooCommerce: Apply Discount to All Products allows Stored XSS. This issue affects Sitewide Discount for WooCommerce: Apply Discount to All Products: from n/a through 2.2.1.

  ---

• CVE-2025-48247 • published on May 19, 2025 Missing Authorization vulnerability in Blair Williams Shortlinks by Pretty Links allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Shortlinks by Pretty Links: from n/a through 3.6.15.

  ---

• CVE-2025-48246 • published on May 19, 2025 Missing Authorization vulnerability in The Events Calendar The Events Calendar allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects The Events Calendar: from n/a through 6.11.2.1.

  ---