
CVE-2025-22278 – WordPress Whitish Lite theme <= 2.1.13 - Stored Cross Site Scripting (XSS) vulnerability
https://notcve.org/view.php?id=CVE-2025-22278
24 Mar 2025 — Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in yudleethemes Whitish Lite allows Stored XSS. This issue affects Whitish Lite: from n/a through 2.1.13. The Whitish Lite theme for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 2.1.13 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts ... • https://patchstack.com/database/wordpress/theme/whitish-lite/vulnerability/wordpress-whitish-lite-theme-2-1-13-stored-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2025-23937 – WordPress LinkedIn Lite Plugin <= 1.0 - Local File Inclusion vulnerability
https://notcve.org/view.php?id=CVE-2025-23937
17 Mar 2025 — Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in NotFound LinkedIn Lite allows PHP Local File Inclusion. This issue affects LinkedIn Lite: from n/a through 1.0. The LinkedIn Lite plugin for WordPress is vulnerable to Local File Inclusion in versions up to, and including, 1.0. This makes it possible for unauthenticated attackers to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. T... • https://patchstack.com/database/wordpress/plugin/linkedin-lite/vulnerability/wordpress-linkedin-lite-plugin-1-0-local-file-inclusion-vulnerability?_s_id=cve • CWE-98: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') •

CVE-2025-26989 – WordPress Zigaform – Form Builder Lite plugin <= 7.4.2 - Cross Site Scripting (XSS) vulnerability
https://notcve.org/view.php?id=CVE-2025-26989
03 Mar 2025 — Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in softdiscover Zigaform – Form Builder Lite allows Stored XSS. This issue affects Zigaform – Form Builder Lite: from n/a through 7.4.2. The Zigaform – Form Builder Lite plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 7.4.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary ... • https://patchstack.com/database/wordpress/plugin/zigaform-form-builder-lite/vulnerability/wordpress-zigaform-form-builder-lite-plugin-7-4-2-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2025-26928 – WordPress Order Limit for WooCommerce plugin <= 3.0.2 - Broken Access Control vulnerability
https://notcve.org/view.php?id=CVE-2025-26928
23 Feb 2025 — Missing Authorization vulnerability in xfinitysoft Order Limit for WooCommerce allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Order Limit for WooCommerce: from n/a through 3.0.2. The Order Limit for WooCommerce plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in all versions up to, and including, 3.0.2. This makes it possible for authenticated attackers, with Subscriber-level access and above, to perform an... • https://patchstack.com/database/wordpress/plugin/wc-order-limit-lite/vulnerability/wordpress-order-limit-for-woocommerce-plugin-3-0-2-broken-access-control-vulnerability?_s_id=cve • CWE-862: Missing Authorization •

CVE-2025-26962 – WordPress Contact Form Plugin plugin <= 1.1.25 - Cross Site Scripting (XSS) vulnerability
https://notcve.org/view.php?id=CVE-2025-26962
23 Feb 2025 — Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in GhozyLab Easy Contact Form Lite allows Stored XSS. This issue affects Easy Contact Form Lite: from n/a through 1.1.25. The Contact Form Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.1.25 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inj... • https://patchstack.com/database/wordpress/plugin/contact-form-lite/vulnerability/wordpress-contact-form-plugin-plugin-1-1-25-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2025-26994 – WordPress Zigaform – Price Calculator & Cost Estimation Form Builder Lite plugin <= 7.4.2 - Cross Site Scripting (XSS) vulnerability
https://notcve.org/view.php?id=CVE-2025-26994
23 Feb 2025 — Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in softdiscover Zigaform – Price Calculator & Cost Estimation Form Builder Lite allows Stored XSS. This issue affects Zigaform – Price Calculator & Cost Estimation Form Builder Lite: from n/a through 7.4.2. The Zigaform – Price Calculator & Cost Estimation Form Builder Lite plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 7.4.2 due to insufficient input sa... • https://patchstack.com/database/wordpress/plugin/zigaform-calculator-cost-estimation-form-builder-lite/vulnerability/wordpress-zigaform-price-calculator-cost-estimation-form-builder-lite-plugin-7-4-2-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2025-26882 – WordPress Popup Builder plugin <= 1.1.33 - Cross Site Scripting (XSS) vulnerability
https://notcve.org/view.php?id=CVE-2025-26882
22 Feb 2025 — Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in GhozyLab Popup Builder allows Stored XSS. This issue affects Popup Builder: from n/a through 1.1.33. The Popup Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.1.33 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts... • https://patchstack.com/database/wordpress/plugin/easy-notify-lite/vulnerability/wordpress-popup-builder-plugin-1-1-33-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2025-26750 – WordPress Vitepos Plugin <= 3.1.3 - Broken Access Control vulnerability
https://notcve.org/view.php?id=CVE-2025-26750
14 Feb 2025 — Missing Authorization vulnerability in appsbd Vitepos allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Vitepos: from n/a through 3.1.3. The Vitepos – Point of sale (POS) plugin for WooCommerce plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in all versions up to, and including, 3.1.3. This makes it possible for authenticated attackers, with Subscriber-level access and above, to perform an unauthorized action... • https://patchstack.com/database/wordpress/plugin/vitepos-lite/vulnerability/wordpress-vitepos-plugin-3-1-3-broken-access-control-vulnerability?_s_id=cve • CWE-862: Missing Authorization •

CVE-2025-26561 – WordPress Elfsight Yottie Lite Plugin <= 1.3.3 - Cross Site Scripting (XSS) vulnerability
https://notcve.org/view.php?id=CVE-2025-26561
13 Feb 2025 — Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in elfsight Elfsight Yottie Lite allows Stored XSS. This issue affects Elfsight Yottie Lite: from n/a through 1.3.3. The Elfsight Yottie Lite plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.3.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access and above, to inject ... • https://patchstack.com/database/wordpress/plugin/yottie-lite/vulnerability/wordpress-elfsight-yottie-lite-plugin-1-3-3-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2025-22646 – WordPress aThemes Addons for Elementor plugin <= 1.0.8 - Stored Cross Site Scripting (XSS) vulnerability
https://notcve.org/view.php?id=CVE-2025-22646
03 Feb 2025 — Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in aThemes aThemes Addons for Elementor allows Stored XSS. This issue affects aThemes Addons for Elementor: from n/a through 1.0.8. The aThemes Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.0.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access a... • https://patchstack.com/database/wordpress/plugin/athemes-addons-for-elementor-lite/vulnerability/wordpress-athemes-addons-for-elementor-plugin-1-0-8-stored-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •