5.4

CVSS3.1

CVE-2025-27356 - WordPress Sticky Header On Scroll plugin <= 1.0 - Broken Access Control vulnerability

Missing Authorization vulnerability in Hardik Sticky Header On Scroll sticky-header-on-scroll allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Sticky Header On Scroll: from n/a through <= 1.0.

📅 Published: Feb. 24, 2025, 2:49 p.m. 🔄 Last Modified: April 23, 2026, 3:26 p.m.

7.1

CVSS3.1

CVE-2025-27355 - WordPress Woocommerce – Loi Hamon Plugin <= 1.1.0 - CSRF to Stored XSS vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Nicolas GRILLET Woocommerce – Loi Hamon loi-hamon allows Stored XSS.This issue affects Woocommerce – Loi Hamon: from n/a through <= 1.1.0.

📅 Published: Feb. 24, 2025, 2:49 p.m. 🔄 Last Modified: April 23, 2026, 3:26 p.m.

4.3

CVSS3.1

CVE-2025-27353 - WordPress Namaste! LMS Plugin <= 2.6.5 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Bob Namaste! LMS namaste-lms allows Cross Site Request Forgery.This issue affects Namaste! LMS: from n/a through <= 2.6.5.

📅 Published: Feb. 24, 2025, 2:49 p.m. 🔄 Last Modified: April 23, 2026, 3:26 p.m.

7.1

CVSS3.1

CVE-2025-27352 - WordPress 无觅相关文章插件 plugin <= 1.0.5.7 - CSRF to Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wumii team 无觅相关文章插件 wumii-related-posts allows Stored XSS.This issue affects 无觅相关文章插件: from n/a through <= 1.0.5.7.

📅 Published: Feb. 24, 2025, 2:49 p.m. 🔄 Last Modified: April 23, 2026, 3:26 p.m.

6.5

CVSS3.1

CVE-2025-27351 - WordPress Local Search SEO Contact Page plugin <= 4.0.1 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ExpertBusinessSearch Local Search SEO Contact Page local-search-seo-contact-page allows Stored XSS.This issue affects Local Search SEO Contact Page: from n/a through <= 4.0.1.

📅 Published: Feb. 24, 2025, 2:49 p.m. 🔄 Last Modified: April 23, 2026, 3:26 p.m.

6.5

CVSS3.1

CVE-2025-27349 - WordPress Get Posts plugin <= 0.6 - Stored Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in nurelm Get Posts nurelm-get-posts allows Stored XSS.This issue affects Get Posts: from n/a through <= 0.6.

📅 Published: Feb. 24, 2025, 2:49 p.m. 🔄 Last Modified: April 23, 2026, 3:26 p.m.

6.5

CVSS3.1

CVE-2025-27348 - WordPress WP Social SEO Booster plugin <= 1.2.0 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Daniel WP Social SEO Booster – Knowledge Graph Social Signals SEO wp-social-seo-booster allows Stored XSS.This issue affects WP Social SEO Booster – Knowledge Graph Social Signals SEO: from n/a thr…

📅 Published: Feb. 24, 2025, 2:49 p.m. 🔄 Last Modified: April 23, 2026, 3:26 p.m.

6.5

CVSS3.1

CVE-2025-27347 - WordPress Direct Checkout Button for WooCommerce plugin <= 1.0 - Cross Site Scripting (XSS) vulnera…

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in techmix Direct Checkout Button for WooCommerce woo-direct-checkout-button allows Stored XSS.This issue affects Direct Checkout Button for WooCommerce: from n/a through <= 1.0.

📅 Published: Feb. 24, 2025, 2:49 p.m. 🔄 Last Modified: April 23, 2026, 3:26 p.m.

4.3

CVSS3.1

CVE-2025-27344 - WordPress Phee's LinkPreview Plugin <= 1.6.7 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in filipstepanov Phee's LinkPreview linkpreview allows Cross Site Request Forgery.This issue affects Phee's LinkPreview: from n/a through <= 1.6.7.

📅 Published: Feb. 24, 2025, 2:49 p.m. 🔄 Last Modified: April 23, 2026, 3:26 p.m.

4.3

CVSS3.1

CVE-2025-27342 - WordPress WooCommerce Recargo de Equivalencia Plugin <= 1.6.24 - Cross Site Request Forgery (CSRF) …

Cross-Site Request Forgery (CSRF) vulnerability in josesan WooCommerce Recargo de Equivalencia woo-recargo-de-equivalencia allows Cross Site Request Forgery.This issue affects WooCommerce Recargo de Equivalencia: from n/a through <= 1.6.24.

📅 Published: Feb. 24, 2025, 2:49 p.m. 🔄 Last Modified: April 23, 2026, 3:26 p.m.

Vulnerability Database Index

5.4

CVE-2025-27356 - WordPress Sticky Header On Scroll plugin <= 1.0 - Broken Access Control vulnerability

7.1

CVE-2025-27355 - WordPress Woocommerce – Loi Hamon Plugin <= 1.1.0 - CSRF to Stored XSS vulnerability

4.3

CVE-2025-27353 - WordPress Namaste! LMS Plugin <= 2.6.5 - Cross Site Request Forgery (CSRF) vulnerability

7.1

CVE-2025-27352 - WordPress 无觅相关文章插件 plugin <= 1.0.5.7 - CSRF to Cross Site Scripting (XSS) vulnerability

6.5

CVE-2025-27351 - WordPress Local Search SEO Contact Page plugin <= 4.0.1 - Cross Site Scripting (XSS) vulnerability

6.5

CVE-2025-27349 - WordPress Get Posts plugin <= 0.6 - Stored Cross Site Scripting (XSS) vulnerability

6.5

CVE-2025-27348 - WordPress WP Social SEO Booster plugin <= 1.2.0 - Cross Site Scripting (XSS) vulnerability

6.5

CVE-2025-27347 - WordPress Direct Checkout Button for WooCommerce plugin <= 1.0 - Cross Site Scripting (XSS) vulnera…

4.3

CVE-2025-27344 - WordPress Phee's LinkPreview Plugin <= 1.6.7 - Cross Site Request Forgery (CSRF) vulnerability

4.3

CVE-2025-27342 - WordPress WooCommerce Recargo de Equivalencia Plugin <= 1.6.24 - Cross Site Request Forgery (CSRF) …