7.1
CVE-2025-26554 - WordPress WP Discord Post Plugin <= 2.1.0 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound WP Discord Post allows Reflected XSS. This issue affects WP Discord Post: from n/a through 2.1.0.
7.1
CVE-2025-26553 - WordPress Pre Order Addon for WooCommerce plugin<= 1.0.7 - Reflected Cross-Site Scripting
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Spring Devs Pre Order Addon for WooCommerce β Advance Order/Backorder Plugin allows Reflected XSS. This issue affects Pre Order Addon for WooCommerce β Advance Order/Backorder Plugin: from n/a throβ¦
7.1
CVE-2025-26548 - WordPress Random Image Selector plugin <= 1.5.6 - Reflected Cross-Site Scripting vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound Random Image Selector allows Reflected XSS. This issue affects Random Image Selector: from n/a through 2.4.
7.1
CVE-2025-23744 - WordPress Random Posts, Mp3 Player + ShareButton plugin <= 1.4.1 - Reflected Cross Site Scripting (β¦
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in dvs11 Random Posts, Mp3 Player + ShareButton allows Reflected XSS. This issue affects Random Posts, Mp3 Player + ShareButton: from n/a through 1.4.1.
6.5
CVE-2025-25225 - Extension - hikashop.com - Privilege escalation vulnerability Hikashop component version 1.0.0 - 5.β¦
A privilege escalation vulnerability in the Hikashop component versions 1.0.0-5.1.3 for Joomla allows authenticated attackers (administrator) to escalate their privileges to Super Admin Permissions.
5.3
CVE-2025-2323 - 274056675 springboot-openai-chatgpt Number of Question questionCou updateQuestionCou behavioral worβ¦
A vulnerability was found in 274056675 springboot-openai-chatgpt e84f6f5. It has been declared as problematic. This vulnerability affects the function updateQuestionCou of the file /api/mjkj-chat/chat/mng/update/questionCou of the component Number of Question Handler. The manipulation leads to enfoβ¦
6.9
CVE-2025-2322 - 274056675 springboot-openai-chatgpt OpenController.java hard-coded credentials
A vulnerability was found in 274056675 springboot-openai-chatgpt e84f6f5. It has been classified as critical. This affects an unknown part of the file /chatgpt-boot/src/main/java/org/springblade/modules/mjkj/controller/OpenController.java. The manipulation leads to hard-coded credentials. It is posβ¦
5.3
CVE-2025-2321 - 274056675 springboot-openai-chatgpt addData logic error
A vulnerability was found in 274056675 springboot-openai-chatgpt e84f6f5 and classified as critical. Affected by this issue is some unknown functionality of the file /api/mjkj-chat/cgform-api/addData/. The manipulation of the argument chatUserID leads to business logic errors. The attack may be lauβ¦
4.3
CVE-2025-1530 - Tripetto <= 8.0.9 - Cross-Site Request Forgery to Arbitrary Results Deletion
The Tripetto plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 8.0.9. This is due to missing nonce validation. This makes it possible for unauthenticated attackers to delete arbitrary results via a forged request granted they can trick a site admβ¦
6.5
CVE-2025-2025 - Give <= 3.22.0 - Missing Authorization to Unauthenticated Arbitrary Earning Reports Disclosure via β¦
The GiveWP β Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the give_reports_earnings() function in all versions up to, and including, 3.22.0. This makes it possible for unauthenticated attackers to disβ¦