Latest CVE Feed
-
6.5
MEDIUMCVE-2025-64262
Cross-Site Request Forgery (CSRF) vulnerability in ramon fincken Auto Prune Posts auto-prune-posts allows Cross Site Request Forgery.This issue affects Auto Prune Posts: from n/a through <= 3.0.0.... Read more
Affected Products : auto_prune_posts- Published: Nov. 13, 2025
- Modified: Nov. 14, 2025
- Vuln Type: Cross-Site Request Forgery
-
6.5
MEDIUMCVE-2025-62948
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Konstantin Pankratov Date counter date-counter allows Stored XSS.This issue affects Date counter: from n/a through <= 2.0.3.... Read more
Affected Products :- Published: Oct. 27, 2025
- Modified: Nov. 13, 2025
- Vuln Type: Cross-Site Scripting
-
6.5
MEDIUMCVE-2025-64367
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Adrian Tobey Groundhogg groundhogg allows Stored XSS.This issue affects Groundhogg: from n/a through <= 4.2.6.... Read more
Affected Products : groundhogg- Published: Oct. 31, 2025
- Modified: Nov. 13, 2025
- Vuln Type: Cross-Site Scripting
-
6.5
MEDIUMCVE-2025-49908
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPClever WPC Countdown Timer for WooCommerce wpc-countdown-timer allows Stored XSS.This issue affects WPC Countdown Timer for WooCommerce: from n/a throu... Read more
Affected Products :- Published: Oct. 22, 2025
- Modified: Nov. 13, 2025
- Vuln Type: Cross-Site Scripting
-
6.5
MEDIUMCVE-2025-49929
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ultimate Blocks Ultimate Blocks ultimate-blocks allows Stored XSS.This issue affects Ultimate Blocks: from n/a through <= 3.3.6.... Read more
Affected Products : ultimate_blocks- Published: Oct. 22, 2025
- Modified: Nov. 13, 2025
- Vuln Type: Cross-Site Scripting
-
6.5
MEDIUMCVE-2025-49932
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CrocoBlock JetBlog jet-blog allows Stored XSS.This issue affects JetBlog: from n/a through <= 2.4.4.1.... Read more
Affected Products : jetblog- Published: Oct. 22, 2025
- Modified: Nov. 13, 2025
- Vuln Type: Cross-Site Scripting
-
6.5
MEDIUMCVE-2025-49940
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ThemeFusion Fusion Builder fusion-builder allows DOM-Based XSS.This issue affects Fusion Builder: from n/a through <= 3.13.2.... Read more
Affected Products : avada- Published: Oct. 22, 2025
- Modified: Nov. 13, 2025
- Vuln Type: Cross-Site Scripting
-
6.5
MEDIUMCVE-2025-49960
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in leadbi LeadBI Plugin for WordPress leadbi allows Stored XSS.This issue affects LeadBI Plugin for WordPress: from n/a through <= 1.7.... Read more
Affected Products :- Published: Oct. 22, 2025
- Modified: Nov. 13, 2025
- Vuln Type: Cross-Site Scripting
-
6.5
MEDIUMCVE-2025-52752
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in ThemeAtelier IDonatePro idonate-pro allows Retrieve Embedded Sensitive Data.This issue affects IDonatePro: from n/a through <= 2.1.9.... Read more
Affected Products :- Published: Oct. 22, 2025
- Modified: Nov. 13, 2025
- Vuln Type: Information Disclosure
-
6.5
MEDIUMCVE-2025-59593
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Extend Themes Colibri Page Builder colibri-page-builder allows Stored XSS.This issue affects Colibri Page Builder: from n/a through < 1.0.334.... Read more
Affected Products : colibri_page_builder- Published: Oct. 22, 2025
- Modified: Nov. 13, 2025
- Vuln Type: Cross-Site Scripting
-
6.5
MEDIUMCVE-2025-62069
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in RealMag777 MDTF wp-meta-data-filter-and-taxonomy-filter.This issue affects MDTF: from n/a through <= 1.3.3.8.... Read more
Affected Products : wordpress_meta_data_and_taxonomies_filter- Published: Oct. 22, 2025
- Modified: Nov. 13, 2025
- Vuln Type: Cross-Site Scripting
-
6.5
MEDIUMCVE-2025-62983
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Sudar Muthu Posts By Tag posts-by-tag allows Stored XSS.This issue affects Posts By Tag: from n/a through <= 3.2.1.... Read more
Affected Products :- Published: Oct. 27, 2025
- Modified: Nov. 13, 2025
- Vuln Type: Cross-Site Scripting
-
6.5
MEDIUMCVE-2025-64361
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in StylemixThemes Consulting Elementor Widgets consulting-elementor-widgets allows DOM-Based XSS.This issue affects Consulting Elementor Widgets: from n/a t... Read more
Affected Products : consulting_elementor_widgets- Published: Oct. 31, 2025
- Modified: Nov. 13, 2025
- Vuln Type: Cross-Site Scripting
-
6.5
MEDIUMCVE-2025-62011
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CodexThemes TheGem thegem.This issue affects TheGem: from n/a through <= 5.10.5.... Read more
Affected Products : thegem- Published: Nov. 06, 2025
- Modified: Nov. 13, 2025
- Vuln Type: Cross-Site Scripting
-
6.5
MEDIUMCVE-2025-62051
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in AndonDesign UDesign Core u-design-core.This issue affects UDesign Core: from n/a through <= 4.14.1.... Read more
Affected Products :- Published: Nov. 06, 2025
- Modified: Nov. 13, 2025
- Vuln Type: Cross-Site Scripting
-
6.5
MEDIUMCVE-2025-52186
Lichess lila before commit 11b4c0fb00f0ffd823246f839627005459c8f05c (2025-06-02) contains a Server-Side Request Forgery (SSRF) vulnerability in the game export API. The players parameter is passed directly to an internal HTTP client without validation, al... Read more
Affected Products :- Published: Nov. 13, 2025
- Modified: Nov. 14, 2025
- Vuln Type: Server-Side Request Forgery
-
6.5
MEDIUMCVE-2024-44636
PHPGurukul Student Record System 3.20 is vulnerable to SQL Injection via the adminname and aemailid parameters in /admin-profile.php.... Read more
Affected Products : student_record_system- Published: Nov. 14, 2025
- Modified: Nov. 17, 2025
- Vuln Type: Injection
-
6.5
MEDIUMCVE-2025-11207
Side-channel information leakage in Storage in Google Chrome prior to 141.0.7390.54 allowed a remote attacker to perform arbitrary read/write via a crafted HTML page. (Chromium security severity: Medium)... Read more
- Published: Nov. 06, 2025
- Modified: Nov. 13, 2025
- Vuln Type: Information Disclosure
-
6.5
MEDIUMCVE-2025-12445
Policy bypass in Extensions in Google Chrome prior to 142.0.7444.59 allowed an attacker who convinced a user to install a malicious extension to leak cross-origin data via a crafted Chrome Extension. (Chromium security severity: Low)... Read more
- Published: Nov. 10, 2025
- Modified: Nov. 13, 2025
- Vuln Type: Information Disclosure
-
6.5
MEDIUMCVE-2025-12431
Inappropriate implementation in Extensions in Google Chrome prior to 142.0.7444.59 allowed an attacker who convinced a user to install a malicious extension to bypass navigation restrictions via a crafted Chrome Extension. (Chromium security severity: Hig... Read more
- Published: Nov. 10, 2025
- Modified: Nov. 13, 2025
- Vuln Type: Misconfiguration