0.0
CVE-2025-26550 - WordPress Global Meta Keyword & Description plugin <= 2.3 - CSRF to Cross-Site Scripting vulnerabilโฆ
Cross-Site Request Forgery (CSRF) vulnerability in Kunal Shivale Global Meta Keyword & Description global-meta-keyword-and-description allows Stored XSS.This issue affects Global Meta Keyword & Description: from n/a through <= 2.3.
0.0
CVE-2025-26549 - WordPress WP Html Page Sitemap plugin <= 2.2 - CSRF to Stored Cross-Site Scripting
Cross-Site Request Forgery (CSRF) vulnerability in pa1 WP Html Page Sitemap wp-html-page-sitemap allows Stored XSS.This issue affects WP Html Page Sitemap: from n/a through <= 2.2.
0.0
CVE-2025-26547 - WordPress My Login Logout Plugin plugin <= 2.4 - CSRF to Stored Cross-Site Scripting vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in nagarjunsonti My Login Logout Plugin my-loginlogout allows Stored XSS.This issue affects My Login Logout Plugin: from n/a through <= 2.4.
0.0
CVE-2025-26545 - WordPress Related Posts Line-up-Exactly by Milliard plugin <= 0.0.22 - CSRF to Stored XSS vulnerabiโฆ
Cross-Site Request Forgery (CSRF) vulnerability in shisuh Related Posts Line-up-Exactly by Milliard related-posts-line-up-exactry-by-milliard allows Stored XSS.This issue affects Related Posts Line-up-Exactly by Milliard: from n/a through <= 0.0.22.
0.0
CVE-2025-26543 - WordPress Simple Responsive Menu plugin <= 2.1 - CSRF to Stored XSS vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in Pukhraj Suthar Simple Responsive Menu simple-responsive-menu allows Stored XSS.This issue affects Simple Responsive Menu: from n/a through <= 2.1.
8.1
CVE-2025-1094 - PostgreSQL quoting APIs miss neutralizing quoting syntax in text that fails encoding validation
Improper neutralization of quoting syntax in PostgreSQL libpq functions PQescapeLiteral(), PQescapeIdentifier(), PQescapeString(), and PQescapeStringConn() allows a database input provider to achieve SQL injection in certain usage patterns. Specifically, SQL injection requires the application to uโฆ
6.1
CVE-2025-1271 - Reflected Cross-Site Scripting (XSS) vulnerability in H6Web
Reflected Cross-Site Scripting (XSS) in Anapi Group's h6web. This security flaw could allow an attacker to inject malicious JavaScript code into a URL. When a user accesses that URL, the injected code is executed in their browser, which can result in the theft of sensitive information, identity theโฆ
9.1
CVE-2025-1270 - Insecure direct object reference (IDOR) vulnerability in H6Web
Insecure direct object reference (IDOR) vulnerability in Anapi Group's h6web, allows an authenticated attacker to access other users' information by making a POST request and modifying the โpkrelatedโ parameter in the โ/h6web/ha_datos_hermano.phpโ endpoint to refer to another user. In addition, theโฆ
9.8
CVE-2024-13182 - WP Directorybox Manager <= 2.5 - Authentication Bypass
The WP Directorybox Manager plugin for WordPress is vulnerable to Authentication Bypass in all versions up to, and including, 2.5. This is due to incorrect authentication in the 'wp_dp_parse_request' function. This makes it possible for unauthenticated attackers to log in as any existing user on thโฆ
7.5
CVE-2024-13606 - JS Help Desk โ The Ultimate Help Desk & Support Plugin <= 2.8.8 - Unauthenticated Sensitive Informaโฆ
The JS Help Desk โ The Ultimate Help Desk & Support Plugin plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.8.8 via the 'jssupportticketdata' directory. This makes it possible for unauthenticated attackers to extract sensitive data stored โฆ