4.3
CVE-2024-13832 - Ultra Addons Lite for Elementor <= 1.1.8 - Authenticated (Contributor+) Restricted Post Disclosure
The Ultra Addons Lite for Elementor plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.1.8 via the 'ut_elementor' shortcode due to insufficient restrictions on which posts can be included. This makes it possible for authenticated attackers, with Contr…
6.4
CVE-2025-1560 - WOW Entrance Effects (WEE!) <= 0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting
The WOW Entrance Effects (WEE!) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'wee' shortcode in all versions up to, and including, 0.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticat…
6.5
CVE-2025-1572 - KiviCare – Clinic & Patient Management System (EHR) <= 3.6.7 - Authenticated (Doctor+) SQL Injectio…
The KiviCare – Clinic & Patient Management System (EHR) plugin for WordPress is vulnerable to SQL Injection via the 'u_id' parameter in all versions up to, and including, 3.6.7 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. …
6.4
CVE-2025-1571 - Exclusive Addons for Elementor <= 2.7.6 - Authenticated (Contributor+) Stored Cross-Site Scripting …
The Exclusive Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Animated Text and Image Comparison Widgets in all versions up to, and including, 2.7.6 due to insufficient input sanitization and output escaping on user supplied attributes. This m…
6.4
CVE-2025-1405 - Product Catalog Simple <= 1.7.11 - Authenticated (Contributor+) Stored Cross-Site Scripting via sho…
The Product Catalog Simple plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's show_products shortcode in all versions up to, and including, 1.7.11 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authe…
6.5
CVE-2025-0764 - wpForo Forum <= 2.4.1 - Authenticated (Subscriber+) Arbitrary File Read in update
The wpForo Forum plugin for WordPress is vulnerable to arbitrary file read due to insufficient input validation in the 'update' method of the 'Members' class in all versions up to, and including, 2.4.1. This makes it possible for authenticated attackers, with subscriber-level privileges or higher, …
0.0
CVE-2025-1772 -
This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
4.3
CVE-2025-1506 - Wp Social Login and Register Social Counter <= 3.1.0 - Cross-Site Request Forgery to Settings Update
The Wp Social Login and Register Social Counter plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.1.0. This is due to missing or incorrect nonce validation on the counter_access_key_setup() function. This makes it possible for unauthenticated a…
6.4
CVE-2024-12820 - MK Google Directions <= 3.1 - Authenticated (Contributor+) Stored Cross-Site Scripting
The MK Google Directions plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'MKGD' shortcode in all versions up to, and including, 3.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated att…
7.2
CVE-2025-1513 - Photos, Files, YouTube, Twitter, Instagram, TikTok, Ecommerce Contest Gallery – Upload, Vote, Sell …
The Photos, Files, YouTube, Twitter, Instagram, TikTok, Ecommerce Contest Gallery – Upload, Vote, Sell via PayPal or Stripe, Social Share Buttons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Name and Comment field when commenting on photo gallery entries in all versions…