0.0
CVE-2025-26549 - WordPress WP Html Page Sitemap plugin <= 2.2 - CSRF to Stored Cross-Site Scripting
Cross-Site Request Forgery (CSRF) vulnerability in pa1 WP Html Page Sitemap wp-html-page-sitemap allows Stored XSS.This issue affects WP Html Page Sitemap: from n/a through <= 2.2.
0.0
CVE-2025-26547 - WordPress My Login Logout Plugin plugin <= 2.4 - CSRF to Stored Cross-Site Scripting vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in nagarjunsonti My Login Logout Plugin my-loginlogout allows Stored XSS.This issue affects My Login Logout Plugin: from n/a through <= 2.4.
0.0
CVE-2025-26545 - WordPress Related Posts Line-up-Exactly by Milliard plugin <= 0.0.22 - CSRF to Stored XSS vulnerabiβ¦
Cross-Site Request Forgery (CSRF) vulnerability in shisuh Related Posts Line-up-Exactly by Milliard related-posts-line-up-exactry-by-milliard allows Stored XSS.This issue affects Related Posts Line-up-Exactly by Milliard: from n/a through <= 0.0.22.
0.0
CVE-2025-26543 - WordPress Simple Responsive Menu plugin <= 2.1 - CSRF to Stored XSS vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in Pukhraj Suthar Simple Responsive Menu simple-responsive-menu allows Stored XSS.This issue affects Simple Responsive Menu: from n/a through <= 2.1.
8.1
CVE-2025-1094 - PostgreSQL quoting APIs miss neutralizing quoting syntax in text that fails encoding validation
Improper neutralization of quoting syntax in PostgreSQL libpq functions PQescapeLiteral(), PQescapeIdentifier(), PQescapeString(), and PQescapeStringConn() allows a database input provider to achieve SQL injection in certain usage patterns. Specifically, SQL injection requires the application to uβ¦
6.1
CVE-2025-1271 - Reflected Cross-Site Scripting (XSS) vulnerability in H6Web
Reflected Cross-Site Scripting (XSS) in Anapi Group's h6web. This security flaw could allow an attacker to inject malicious JavaScript code into a URL. When a user accesses that URL, the injected code is executed in their browser, which can result in the theft of sensitive information, identity theβ¦
9.1
CVE-2025-1270 - Insecure direct object reference (IDOR) vulnerability in H6Web
Insecure direct object reference (IDOR) vulnerability in Anapi Group's h6web, allows an authenticated attacker to access other users' information by making a POST request and modifying the βpkrelatedβ parameter in the β/h6web/ha_datos_hermano.phpβ endpoint to refer to another user. In addition, theβ¦
9.8
CVE-2024-13182 - WP Directorybox Manager <= 2.5 - Authentication Bypass
The WP Directorybox Manager plugin for WordPress is vulnerable to Authentication Bypass in all versions up to, and including, 2.5. This is due to incorrect authentication in the 'wp_dp_parse_request' function. This makes it possible for unauthenticated attackers to log in as any existing user on thβ¦
7.5
CVE-2024-13606 - JS Help Desk β The Ultimate Help Desk & Support Plugin <= 2.8.8 - Unauthenticated Sensitive Informaβ¦
The JS Help Desk β The Ultimate Help Desk & Support Plugin plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.8.8 via the 'jssupportticketdata' directory. This makes it possible for unauthenticated attackers to extract sensitive data stored β¦
6.1
CVE-2024-13867 - Listivo - Classified Ads WordPress Theme <= 2.3.67 - Reflected Cross-Site Scripting
The Listivo - Classified Ads WordPress Theme theme for WordPress is vulnerable to Reflected Cross-Site Scripting via the 's' parameter in all versions up to, and including, 2.3.67 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to injβ¦