Full List

Search

Recent Vulnerabilities

• CVE-2025-39570 • published on April 16, 2025 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Lomu WPCOM Member allows PHP Local File Inclusion. This issue affects WPCOM Member: from n/a through 1.7.7.
• CVE-2025-39571 • published on April 16, 2025 Missing Authorization vulnerability in WPXPO WowStore allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WowStore: from n/a through 4.2.4.
• CVE-2025-39572 • published on April 16, 2025 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Noor Alam Checkout for PayPal allows Stored XSS. This issue affects Checkout for PayPal: from n/a through 1.0.38.
• CVE-2025-39573 • published on April 16, 2025 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in teastudio.pl WP Posts Carousel allows Stored XSS. This issue affects WP Posts Carousel: from n/a through 1.3.10.
• CVE-2025-39574 • published on April 16, 2025 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in UIUX Lab Uix Shortcodes allows Stored XSS. This issue affects Uix Shortcodes: from n/a through 2.0.4.
• CVE-2025-39575 • published on April 16, 2025 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPSight WPCasa allows Stored XSS. This issue affects WPCasa: from n/a through 1.3.2.
• CVE-2025-39576 • published on April 16, 2025 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Greg Winiarski WPAdverts allows Stored XSS. This issue affects WPAdverts: from n/a through 2.2.1.
• CVE-2025-39577 • published on April 16, 2025 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Property Hive PropertyHive allows Stored XSS. This issue affects PropertyHive: from n/a through 2.1.2.
• CVE-2025-39578 • published on April 16, 2025 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CyberChimps Responsive Blocks allows Stored XSS. This issue affects Responsive Blocks: from n/a through 2.0.2.
• CVE-2025-39579 • published on April 16, 2025 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WP Swings Membership For WooCommerce allows DOM-Based XSS. This issue affects Membership For WooCommerce: from n/a through 2.8.0.
• CVE-2025-39581 • published on April 16, 2025 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in themifyme Themify Shortcodes allows Stored XSS. This issue affects Themify Shortcodes: from n/a through 2.1.3.
• CVE-2025-39582 • published on April 16, 2025 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Passionate Programmer Peter WP Data Access allows DOM-Based XSS. This issue affects WP Data Access: from n/a through 5.5.36.
• CVE-2025-39584 • published on April 16, 2025 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Themewinter Eventin allows PHP Local File Inclusion. This issue affects Eventin: from n/a through 4.0.25.
• CVE-2025-39585 • published on April 16, 2025 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Themefic Travelfic Toolkit allows Stored XSS. This issue affects Travelfic Toolkit: from n/a through 1.2.1.
• CVE-2025-39589 • published on April 16, 2025 Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in WPDeveloper Essential Addons for Elementor allows Retrieve Embedded Sensitive Data. This issue affects Essential Addons for Elementor: from n/a through 6.1.9.
• CVE-2025-39590 • published on April 16, 2025 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPDeveloper Essential Addons for Elementor allows Stored XSS. This issue affects Essential Addons for Elementor: from n/a through 6.1.9.
• CVE-2025-39591 • published on April 16, 2025 Missing Authorization vulnerability in WP Shuffle WP Subscription Forms allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP Subscription Forms: from n/a through 1.2.3.
• CVE-2025-39592 • published on April 16, 2025 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in WP Shuffle Subscribe to Unlock Lite allows PHP Local File Inclusion. This issue affects Subscribe to Unlock Lite: from n/a through 1.3.0.
• CVE-2025-39593 • published on April 16, 2025 Cross-Site Request Forgery (CSRF) vulnerability in EverAccounting Ever Accounting allows Cross Site Request Forgery. This issue affects Ever Accounting: from n/a through 2.1.5.
• CVE-2025-39597 • published on April 16, 2025 URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Arthur Yarwood Fast eBay Listings allows Phishing. This issue affects Fast eBay Listings: from n/a through 2.12.15.