54 results (0.007 seconds)

CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0

CVE-2025-25086 – WordPress Secret Meta plugin <= 1.2.1 - CSRF to Reflected Cross Site Scripting (XSS) vulnerability

https://notcve.org/view.php?id=CVE-2025-25086

24 Mar 2025 — Cross-Site Request Forgery (CSRF) vulnerability in WPDeveloper Secret Meta allows Reflected XSS.This issue affects Secret Meta: from n/a through 1.2.1. The Secret Meta plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in all versions up to, and including, 1.2.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action ... • https://patchstack.com/database/wordpress/plugin/facebook-secret-meta/vulnerability/wordpress-secret-meta-plugin-1-2-1-csrf-to-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-352: Cross-Site Request Forgery (CSRF) •

CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0

CVE-2025-26575 – WordPress Display Post Meta plugin <= 1.5- Cross Site Scripting (XSS) vulnerability

https://notcve.org/view.php?id=CVE-2025-26575

20 Mar 2025 — Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Kyle Maurer Display Post Meta allows Reflected XSS. This issue affects Display Post Meta: from n/a through 2.4.4. The Display Post Meta plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in all versions up to, and including, 2.4.4 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that ex... • https://patchstack.com/database/wordpress/plugin/display-post-meta/vulnerability/wordpress-display-post-meta-plugin-1-5-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0

CVE-2025-27591

https://notcve.org/view.php?id=CVE-2025-27591

11 Mar 2025 — A privilege escalation vulnerability existed in the Below service prior to v0.9.0 due to the creation of a world-writable directory at /var/log/below. This could have allowed local unprivileged users to escalate to root privileges through symlink attacks that manipulate files such as /etc/shadow. • https://github.com/facebookincubator/below/commit/da9382e6e3e332fd2c3195e22f34977f83f0f1f3 •

CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0

CVE-2025-26550 – WordPress Global Meta Keyword & Description plugin <= 2.3 - CSRF to Cross-Site Scripting vulnerability

https://notcve.org/view.php?id=CVE-2025-26550

13 Feb 2025 — Cross-Site Request Forgery (CSRF) vulnerability in Kunal Shivale Global Meta Keyword & Description allows Stored XSS. This issue affects Global Meta Keyword & Description: from n/a through 2.3. The Global Meta Keyword & Description plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.3. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to update settings and inject malicious web scripts... • https://patchstack.com/database/wordpress/plugin/global-meta-keyword-and-description/vulnerability/wordpress-global-meta-keyword-description-plugin-2-3-csrf-to-cross-site-scripting-vulnerability?_s_id=cve • CWE-352: Cross-Site Request Forgery (CSRF) •

CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0

CVE-2025-25164 – WordPress Meta Accelerator plugin <= 1.0.4 - Reflected Cross Site Scripting (XSS) vulnerability

https://notcve.org/view.php?id=CVE-2025-25164

02 Feb 2025 — Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound Meta Accelerator allows Reflected XSS. This issue affects Meta Accelerator: from n/a through 1.0.4. The Meta Accelerator plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in all versions up to, and including, 1.0.4 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute ... • https://patchstack.com/database/wordpress/plugin/meta-accelerator/vulnerability/wordpress-meta-accelerator-plugin-1-0-4-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0

CVE-2025-25169 – WordPress Authors Autocomplete Meta Box plugin <= 1.2 - Reflected Cross Site Scripting (XSS) vulnerability

https://notcve.org/view.php?id=CVE-2025-25169

02 Feb 2025 — Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound Authors Autocomplete Meta Box allows Reflected XSS. This issue affects Authors Autocomplete Meta Box: from n/a through 1.2. The Authors Autocomplete Meta Box plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in all versions up to, and including, 1.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary... • https://patchstack.com/database/wordpress/plugin/authors-autocomplete-meta-box/vulnerability/wordpress-authors-autocomplete-meta-box-plugin-1-2-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0

CVE-2025-22260 – WordPress Meta Tag Manager plugin <= 3.1 - Broken Access Control vulnerability

https://notcve.org/view.php?id=CVE-2025-22260

31 Jan 2025 — Missing Authorization vulnerability in Pixelite Meta Tag Manager. This issue affects Meta Tag Manager: from n/a through 3.1. The Meta Tag Manager plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in all versions up to, and including, 3.1. This makes it possible for authenticated attackers, with Subscriber-level access and above, to perform an unauthorized action. • https://patchstack.com/database/wordpress/plugin/meta-tag-manager/vulnerability/wordpress-meta-tag-manager-plugin-3-1-broken-access-control-vulnerability?_s_id=cve • CWE-862: Missing Authorization •

CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0

CVE-2025-22685 – WordPress Tags to Keywords plugin <= 1.0.1 - CSRF to Stored XSS vulnerability

https://notcve.org/view.php?id=CVE-2025-22685

31 Jan 2025 — Cross-Site Request Forgery (CSRF) vulnerability in CheGevara Tags to Keywords allows Stored XSS. This issue affects Tags to Keywords: from n/a through 1.0.1. The Tags to Keywords plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.1. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to update settings and inject malicious web scripts via a forged request granted they can trick a site... • https://patchstack.com/database/wordpress/plugin/tags-to-meta-keywords/vulnerability/wordpress-tags-to-keywords-plugin-1-0-1-csrf-to-stored-xss-vulnerability?_s_id=cve • CWE-352: Cross-Site Request Forgery (CSRF) •

CVSS: 5.9EPSS: 0%CPEs: 1EXPL: 0

CVE-2025-24689 – WordPress Import and export users and customers plugin 1.27.12 - Sensitive Data Exposure vulnerability

https://notcve.org/view.php?id=CVE-2025-24689

27 Jan 2025 — Insertion of Sensitive Information into Externally-Accessible File or Directory vulnerability in codection Import and export users and customers allows Retrieve Embedded Sensitive Data. This issue affects Import and export users and customers: from n/a through 1.27.12. The Import and export users and customers plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.27.12. This makes it possible for unauthenticated attackers to extract sensitive user or co... • https://patchstack.com/database/wordpress/plugin/import-users-from-csv-with-meta/vulnerability/wordpress-import-and-export-users-and-customers-plugin-1-27-12-sensitive-data-exposure-vulnerability?_s_id=cve • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-538: Insertion of Sensitive Information into Externally-Accessible File or Directory •

CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0

CVE-2025-24589 – WordPress JSM Show Post Metadata plugin <= 4.6.0 - Broken Access Control vulnerability

https://notcve.org/view.php?id=CVE-2025-24589

24 Jan 2025 — Missing Authorization vulnerability in JS Morisset JSM Show Post Metadata allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects JSM Show Post Metadata: from n/a through 4.6.0. The JSM Show Post Metadata plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in all versions up to, and including, 4.6.0. This makes it possible for authenticated attackers, with Subscriber-level access and above, to perform an unauthorized a... • https://patchstack.com/database/wordpress/plugin/jsm-show-post-meta/vulnerability/wordpress-jsm-show-post-metadata-plugin-4-6-0-broken-access-control-vulnerability?_s_id=cve • CWE-862: Missing Authorization •