Latest CVE Feed
-
6.4
MEDIUMCVE-2025-12964
The Magical Products Display plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'mpdpr_title_tag' and 'mpdpr_subtitle_tag' parameters in the MPD Pricing Table widget in all versions up to, and including, 1.1.29 due to insufficient i... Read more
Affected Products :- Published: Nov. 21, 2025
- Modified: Nov. 21, 2025
- Vuln Type: Cross-Site Scripting
-
6.4
MEDIUMCVE-2025-12935
The FluentCRM – Email Newsletter, Automation, Email Marketing, Email Campaigns, Optins, Leads, and CRM Solution plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'fluentcrm_content' shortcode in all versions up to, and inc... Read more
Affected Products :- Published: Nov. 21, 2025
- Modified: Nov. 21, 2025
- Vuln Type: Cross-Site Scripting
-
6.1
MEDIUMCVE-2025-13134
The AuthorSure plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.3. This is due to missing or incorrect nonce validation on the 'authorsure' page. This makes it possible for unauthenticated attackers ... Read more
Affected Products :- Published: Nov. 21, 2025
- Modified: Nov. 21, 2025
- Vuln Type: Cross-Site Request Forgery
-
6.4
MEDIUMCVE-2025-11003
The UiPress lite | Effortless custom dashboards, admin themes and pages plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'uip_save_ui_template' function in all versions up to, and including, ... Read more
Affected Products : uipress_lite- Published: Nov. 21, 2025
- Modified: Nov. 21, 2025
- Vuln Type: Authorization