0.0
CVE-2025-26554 - WordPress WP Discord Post Plugin <= 2.1.0 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Nicola Mustone WP Discord Post wp-discord-post allows Reflected XSS.This issue affects WP Discord Post: from n/a through <= 2.1.0.
0.0
CVE-2025-26553 - WordPress Pre Order Addon for WooCommerce plugin<= 1.0.7 - Reflected Cross-Site Scripting
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Spring Devs Pre Order Addon for WooCommerce β Advance Order/Backorder Plugin wc-pre-order allows Reflected XSS.This issue affects Pre Order Addon for WooCommerce β Advance Order/Backorder Plugin: fβ¦
0.0
CVE-2025-26548 - WordPress Random Image Selector plugin <= 1.5.6 - Reflected Cross-Site Scripting vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in kdmurray Random Image Selector random-image-selector allows Reflected XSS.This issue affects Random Image Selector: from n/a through <= 2.4.
0.0
CVE-2025-23744 - WordPress Random Posts, Mp3 Player + ShareButton plugin <= 1.4.1 - Reflected Cross Site Scripting (β¦
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in dvs11 Random Posts, Mp3 Player + ShareButton random-posts-mp3-player-sharebutton allows Reflected XSS.This issue affects Random Posts, Mp3 Player + ShareButton: from n/a through <= 1.4.1.
6.5
CVE-2025-25225 - Extension - hikashop.com - Privilege escalation vulnerability Hikashop component version 1.0.0 - 5.β¦
A privilege escalation vulnerability in the Hikashop component versions 1.0.0-5.1.3 for Joomla allows authenticated attackers (administrator) to escalate their privileges to Super Admin Permissions.
5.3
CVE-2025-2323 - 274056675 springboot-openai-chatgpt Number of Question questionCou updateQuestionCou behavioral worβ¦
A vulnerability was found in 274056675 springboot-openai-chatgpt e84f6f5. It has been declared as problematic. This vulnerability affects the function updateQuestionCou of the file /api/mjkj-chat/chat/mng/update/questionCou of the component Number of Question Handler. The manipulation leads to enfoβ¦
6.9
CVE-2025-2322 - 274056675 springboot-openai-chatgpt OpenController.java hard-coded credentials
A vulnerability was found in 274056675 springboot-openai-chatgpt e84f6f5. It has been classified as critical. This affects an unknown part of the file /chatgpt-boot/src/main/java/org/springblade/modules/mjkj/controller/OpenController.java. The manipulation leads to hard-coded credentials. It is posβ¦
5.3
CVE-2025-2321 - 274056675 springboot-openai-chatgpt addData logic error
A vulnerability was found in 274056675 springboot-openai-chatgpt e84f6f5 and classified as critical. Affected by this issue is some unknown functionality of the file /api/mjkj-chat/cgform-api/addData/. The manipulation of the argument chatUserID leads to business logic errors. The attack may be lauβ¦
4.3
CVE-2025-1530 - Tripetto <= 8.0.9 - Cross-Site Request Forgery to Arbitrary Results Deletion
The Tripetto plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 8.0.9. This is due to missing nonce validation. This makes it possible for unauthenticated attackers to delete arbitrary results via a forged request granted they can trick a site admβ¦
6.5
CVE-2025-2025 - Give <= 3.22.0 - Missing Authorization to Unauthenticated Arbitrary Earning Reports Disclosure via β¦
The GiveWP β Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the give_reports_earnings() function in all versions up to, and including, 3.22.0. This makes it possible for unauthenticated attackers to disβ¦