CVSS: 9.1EPSS: 0%CPEs: 1EXPL: 0CVE-2025-32202 – WordPress Insert or Embed Articulate Content into WordPress plugin <= 4.3000000025 - Arbitrary File Upload vulnerability
https://notcve.org/view.php?id=CVE-2025-32202
08 Apr 2025 — Unrestricted Upload of File with Dangerous Type vulnerability in Brian Batt - elearningfreak.com Insert or Embed Articulate Content into WordPress allows Upload a Web Shell to a Web Server. This issue affects Insert or Embed Articulate Content into WordPress: from n/a through 4.3000000025. The Insert or Embed Articulate Content into WordPress plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in all versions up to, and including, 4.3000000025. This makes it poss... • https://patchstack.com/database/wordpress/plugin/insert-or-embed-articulate-content-into-wordpress/vulnerability/wordpress-insert-or-embed-articulate-content-into-wordpress-plugin-4-3000000025-arbitrary-file-upload-vulnerability?_s_id=cve • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2025-31735 – WordPress Footnotes for WordPress plugin <= 2016.1230 - Cross Site Scripting (XSS) Vulnerability
https://notcve.org/view.php?id=CVE-2025-31735
01 Apr 2025 — Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in C. Johnson Footnotes for WordPress allows Stored XSS. This issue affects Footnotes for WordPress: from n/a through 2016.1230. The Footnotes for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 2016.1230 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and ... • https://patchstack.com/database/wordpress/plugin/footnotes-for-wordpress/vulnerability/wordpress-footnotes-for-wordpress-plugin-2016-1230-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2025-30552 – WordPress WordPress Admin Bar Improved plugin <= 3.3.5 - CSRF to Stored XSS vulnerability
https://notcve.org/view.php?id=CVE-2025-30552
24 Mar 2025 — Cross-Site Request Forgery (CSRF) vulnerability in Donald Gilbert WordPress Admin Bar Improved allows Stored XSS. This issue affects WordPress Admin Bar Improved: from n/a through 3.3.5. The WordPress Admin Bar Improved plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.3.5. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to perform an unauthorized action granted they can trick a si... • https://patchstack.com/database/wordpress/plugin/wordpress-admin-bar-improved/vulnerability/wordpress-wordpress-admin-bar-improved-plugin-3-3-5-csrf-to-stored-xss-vulnerability?_s_id=cve • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2025-30608 – WordPress WordPress SQL Backup - <= <= 3.5.2 Cross Site Request Forgery (CSRF) Vulnerability
https://notcve.org/view.php?id=CVE-2025-30608
24 Mar 2025 — Cross-Site Request Forgery (CSRF) vulnerability in Anthony WordPress SQL Backup allows Stored XSS. This issue affects WordPress SQL Backup: from n/a through 3.5.2. The WordPress SQL Backup plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.5.2. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to update settings and inject malicious web scripts via a forged request granted they can tr... • https://patchstack.com/database/wordpress/plugin/wordpress-sql-backup/vulnerability/wordpress-wordpress-sql-backup-3-5-2-cross-site-request-forgery-csrf-vulnerability?_s_id=cve • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2025-26559 – WordPress Secure Invites plugin <= 1.2.5 - Reflected Cross Site Scripting (XSS) vulnerability
https://notcve.org/view.php?id=CVE-2025-26559
21 Mar 2025 — Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound Secure Invites allows Reflected XSS. This issue affects Secure Invites: from n/a through 1.3. The Secure Invites plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 1.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can su... • https://patchstack.com/database/wordpress/plugin/wordpress-mu-secure-invites/vulnerability/wordpress-secure-invites-plugin-1-2-5-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2025-25134 – WordPress Theme Demo Bar Plugin <= 1.6.3 - Reflected Cross Site Scripting (XSS) vulnerability
https://notcve.org/view.php?id=CVE-2025-25134
20 Mar 2025 — Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound Theme Demo Bar allows Reflected XSS. This issue affects Theme Demo Bar: from n/a through 1.6.3. The Theme Demo Bar plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 1.6.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they ca... • https://patchstack.com/database/wordpress/plugin/wordpress-theme-demo-bar/vulnerability/wordpress-theme-demo-bar-plugin-1-6-3-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2025-27265 – WordPress Google Maps for WordPress plugin <= 1.0.3 - Cross Site Scripting (XSS) vulnerability
https://notcve.org/view.php?id=CVE-2025-27265
24 Feb 2025 — Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Aaron D. Campbell Google Maps for WordPress allows DOM-Based XSS. This issue affects Google Maps for WordPress: from n/a through 1.0.3. The Google Maps for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.0.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level acc... • https://patchstack.com/database/wordpress/plugin/google-maps-for-wordpress/vulnerability/wordpress-google-maps-for-wordpress-plugin-1-0-3-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2025-26913 – WordPress AR for WordPress plugin <= 7.7 - Cross Site Scripting (XSS) vulnerability
https://notcve.org/view.php?id=CVE-2025-26913
23 Feb 2025 — Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in webandprint AR For WordPress allows DOM-Based XSS. This issue affects AR For WordPress: from n/a through 7.7. The AR For WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 7.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary we... • https://patchstack.com/database/wordpress/plugin/ar-for-wordpress/vulnerability/wordpress-ar-for-wordpress-plugin-7-7-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 0CVE-2025-22704 – WordPress Signature plugin <= 0.1 - Cross Site Request Forgery ( CSRF ) vulnerability
https://notcve.org/view.php?id=CVE-2025-22704
31 Jan 2025 — Cross-Site Request Forgery (CSRF) vulnerability in Abinav Thakuri WordPress Signature allows Cross Site Request Forgery. This issue affects WordPress Signature: from n/a through 0.1. The WordPress Signature plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.1. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to update settings and inject malicious web scripts via a forged request gra... • https://patchstack.com/database/wordpress/plugin/wordpress-signature/vulnerability/wordpress-wordpress-signature-plugin-0-1-cross-site-request-forgery-csrf-vulnerability?_s_id=cve • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2025-23435 – WordPress Password Protect Plugin for WordPress plugin <= 0.8.1.0 - CSRF to Stored XSS vulnerability
https://notcve.org/view.php?id=CVE-2025-23435
16 Jan 2025 — Cross-Site Request Forgery (CSRF) vulnerability in David Marcucci Password Protect Plugin for WordPress allows Stored XSS.This issue affects Password Protect Plugin for WordPress: from n/a through 0.8.1.0. The Password Protect Plugin for WordPress plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.8.1.0. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to update settings and inject m... • https://patchstack.com/database/wordpress/plugin/password-protect-plugin-for-wordpress/vulnerability/wordpress-password-protect-plugin-for-wordpress-plugin-0-8-1-0-csrf-to-stored-xss-vulnerability?_s_id=cve • CWE-352: Cross-Site Request Forgery (CSRF) •