6.4
CVE-2024-13866 - Simple Notification <= 1.3 - Authenticated (Administrator+) Stored Cross-Site Scripting
The Simple Notification plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 1.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access, to inject arbitrary we…
6.4
CVE-2025-1008 - Recently Purchased Products For Woo <= 1.1.3 - Authenticated (Contributor+) Stored Cross-Site Scrip…
The Recently Purchased Products For Woo plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'view' parameter in all versions up to, and including, 1.1.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contrib…
6.1
CVE-2024-13827 - Razorpay Subscription Button Elementor Plugin <= 1.0.3 - Reflected Cross-Site Scripting via add_que…
The Razorpay Subscription Button Elementor Plugin plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg() and remove_query_arg() functions without appropriate escaping on the URL in all versions up to, and including, 1.0.3. This makes it possible for u…
6.4
CVE-2024-13350 - SearchIQ – The Search Solution <= 4.7 - Authenticated (Contributor+) Stored Cross-Site Scripting
The SearchIQ – The Search Solution plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'siq_searchbox' shortcode in all versions up to, and including, 4.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible fo…
5.3
CVE-2024-8682 - JNews - WordPress Newspaper Magazine Blog AMP Theme <= 11.6.6 - Unauthorized User Registration
The JNews - WordPress Newspaper Magazine Blog AMP Theme theme for WordPress is vulnerable to unauthorized user registration in all versions up to, and including, 11.6.6. This is due to the plugin not properly validating if the user can register option is enabled prior to creating a user through the re…
4.3
CVE-2025-0990 - I Am Gloria <= 1.1.4 - Cross-Site Request Forgery
The I Am Gloria plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1.4. This is due to missing or incorrect nonce validation on the iamgloria23_gloria_settings_page function. This makes it possible for unauthenticated attackers to reset the tena…
6.3
CVE-2025-1435 - bbPress <= 2.6.11 - Cross-Site Request Forgery to Limited Privilege Escalation
The bbPress plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.6.11. This is due to missing or incorrect nonce validation on the bbp_user_add_role_on_register() function. This makes it possible for unauthenticated attackers to elevate their priv…
9.8
CVE-2025-1393 - Weidmueller: Authentication Vulnerability due to Hard-coded Credentials
An unauthenticated remote attacker can use hard-coded credentials to gain full administration privileges on the affected product.
4.3
CVE-2025-1923 -
Inappropriate implementation in Permission Prompts in Google Chrome prior to 134.0.6998.35 allowed an attacker who convinced a user to install a malicious extension to perform UI spoofing via a crafted Chrome Extension. (Chromium security severity: Low)
4.3
CVE-2025-1922 -
Inappropriate implementation in Selection in Google Chrome on Android prior to 134.0.6998.35 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)