CVE Vulnerabilities
CVE vulnerability database enriched with CISA KEV and NVD data
| CVE ID | CVSS | Severity | KEV | Sightings |
|---|---|---|---|---|
| CVE-2025-22524 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in formafzar ΩΨ±Ω Ψ³Ψ§Ψ² ΩΨ±Ω Ψ§ΩΨ²Ψ§Ψ± formafzar allows Stored XSS.This issue affects ΩΨ±Ω Ψ³Ψ§Ψ² ΩΨ±Ω Ψ§ΩΨ²Ψ§Ψ±: from... | 6.5 | MEDIUM | β | 0 |
| CVE-2025-22525 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Bharat Kambariya Donation Block For PayPal donations-block allows Stored XSS.This issue affects Do... | 6.5 | MEDIUM | β | 0 |
| CVE-2025-22528 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Huurkalender.nl Huurkalender WP huurkalender-wp allows Stored XSS.This issue affects Huurkalender ... | 6.5 | MEDIUM | β | 0 |
| CVE-2025-22529 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wordpresteem WE Blocks we-blocks allows Stored XSS.This issue affects WE Blocks: from n/a through ... | 6.5 | MEDIUM | β | 0 |
| CVE-2025-22530 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in PORTONE μμν¬νΈ κ²°μ λ²νΌ μμ± νλ¬κ·ΈμΈ iamport-payment allows Stored XSS.This issue affects μμν¬νΈ κ²°μ λ²νΌ μμ± νλ¬κ·ΈμΈ: ... | 6.5 | MEDIUM | β | 0 |
| CVE-2025-22532 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in snagysandor Simple Photo Sphere simple-photo-sphere allows Stored XSS.This issue affects Simple Ph... | 6.5 | MEDIUM | β | 0 |
| CVE-2025-22533 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in bulktheme WOOEXIM wooexim allows SQL Injection.This issue affects WOOEXIM: from n/a through <= 5.0... | 7.6 | HIGH | β | 0 |
| CVE-2025-22534 Missing Authorization vulnerability in Ella Van Durpe Slides & Presentations slide allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Slides & Presentations: fr... | 5.4 | MEDIUM | β | 0 |
| CVE-2025-22536 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in hiren.sabd WP Music Player wp-music-player allows SQL Injection.This issue affects WP Music Player... | 7.6 | HIGH | β | 0 |
| CVE-2025-22538 Cross-Site Request Forgery (CSRF) vulnerability in Ofek Nakar Virtual Bot virtual-bot allows Stored XSS.This issue affects Virtual Bot: from n/a through <= 1.0.0. | 7.1 | HIGH | β | 0 |
| CVE-2025-22541 Missing Authorization vulnerability in etruel WP Delete Post Copies etruel-del-post-copies allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Delete Post Cop... | 5.4 | MEDIUM | β | 0 |
| CVE-2025-22543 Missing Authorization vulnerability in beautifultemplates ST Gallery WP st-gallery-wp allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects ST Gallery WP: from n/a... | 5.4 | MEDIUM | β | 0 |
| CVE-2025-22544 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Mind Doodle Mind Doodle Visual Sitemaps & Tasks mind-doodle-sitemap allows Stored XSS.This issue a... | 6.5 | MEDIUM | β | 0 |
| CVE-2025-22545 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in sw.galati iframe to embed iframe-to-embed allows Stored XSS.This issue affects iframe to embed: fr... | 6.5 | MEDIUM | β | 0 |
| CVE-2025-22546 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Obaid Hossain jQuery TwentyTwenty js-twentytwenty allows Stored XSS.This issue affects jQuery Twen... | 6.5 | MEDIUM | β | 0 |
| CVE-2025-22547 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in jaykrishnang JK Html To Pdf jk-html-to-pdf allows Stored XSS.This issue affects JK Html To Pdf: fr... | 7.1 | HIGH | β | 0 |
| CVE-2025-22548 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in frankkoenen ldap_login_password_and_role_manager ldap-login-password-and-role-manager allows Store... | 7.1 | HIGH | β | 0 |
| CVE-2025-22549 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in seinoxygen WP Github wp-github allows Stored XSS.This issue affects WP Github: from n/a through <=... | 6.5 | MEDIUM | β | 0 |
| CVE-2025-22550 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Joe Rhoney AddFunc Mobile Detect addfunc-mobile-detect allows Stored XSS.This issue affects AddFun... | 6.5 | MEDIUM | β | 0 |
| CVE-2025-22551 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in albedo0 Boot-Modal boot-modal allows Stored XSS.This issue affects Boot-Modal: from n/a through <=... | 6.5 | MEDIUM | β | 0 |
| CVE-2025-22552 Cross-Site Request Forgery (CSRF) vulnerability in bnielsen Affiliate Disclosure Statement affiliate-disclosure-statement allows Cross Site Request Forgery.This issue affects Affiliate Disclosure Stat... | 7.1 | HIGH | β | 0 |
| CVE-2025-22554 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in fdfranklin06 Video Embed Optimizer video-embed-optimizer allows Stored XSS.This issue affects Vide... | 6.5 | MEDIUM | β | 0 |
| CVE-2025-22555 Cross-Site Request Forgery (CSRF) vulnerability in njshofe Smoothness Slider Shortcode smoothness-slider-shortcode allows Cross Site Request Forgery.This issue affects Smoothness Slider Shortcode: fro... | 7.1 | HIGH | β | 0 |
| CVE-2025-22556 Cross-Site Request Forgery (CSRF) vulnerability in WP CMS Ninja Norse Rune Oracle Plugin norse-runes-oracle allows Cross Site Request Forgery.This issue affects Norse Rune Oracle Plugin: from n/a thro... | 7.1 | HIGH | β | 0 |
| CVE-2025-22557 Cross-Site Request Forgery (CSRF) vulnerability in cdowp News Publisher Autopilot wpm-news-api allows Cross Site Request Forgery.This issue affects News Publisher Autopilot: from n/a through <= 2.1.4. | 7.1 | HIGH | β | 0 |
| CVE-2025-22558 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Marcus C. J. Hartmann mcjh button shortcode mcjh-button-shortcode allows Stored XSS.This issue aff... | 6.5 | MEDIUM | β | 0 |
| CVE-2025-22559 Cross-Site Request Forgery (CSRF) vulnerability in tubepress TubePress.NET tubepressnet allows Cross Site Request Forgery.This issue affects TubePress.NET: from n/a through <= 4.0.1. | 7.1 | HIGH | β | 0 |
| CVE-2025-22560 Missing Authorization vulnerability in saoshyant1994 Saoshyant Page Builder saoshyant-page-builder allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Saoshyant ... | 5.3 | MEDIUM | β | 0 |
| CVE-2025-22562 Cross-Site Request Forgery (CSRF) vulnerability in kbowson Title Experiments Free wp-experiments-free allows Cross Site Request Forgery.This issue affects Title Experiments Free: from n/a through <= 9... | 4.3 | MEDIUM | β | 0 |
| CVE-2025-22563 Cross-Site Request Forgery (CSRF) vulnerability in faaiq Pretty Url pretty-url allows Cross Site Request Forgery.This issue affects Pretty Url: from n/a through <= 1.5.5. | 4.3 | MEDIUM | β | 0 |
| CVE-2025-22571 Cross-Site Request Forgery (CSRF) vulnerability in instabot Instabot instabot allows Cross Site Request Forgery.This issue affects Instabot: from n/a through <= 1.10. | 7.1 | HIGH | β | 0 |
| CVE-2025-22572 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Brian Legacy ePlayer sportspress-tv allows Stored XSS.This issue affects Legacy ePlayer: from n/a ... | 6.5 | MEDIUM | β | 0 |
| CVE-2025-22573 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in copist Icons Enricher icons-enricher allows Stored XSS.This issue affects Icons Enricher: from n/a... | 6.5 | MEDIUM | β | 0 |
| CVE-2025-22574 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Cleanshooter ICS Button ics-button allows Stored XSS.This issue affects ICS Button: from n/a throu... | 6.5 | MEDIUM | β | 0 |
| CVE-2025-22577 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Damion Armentrout Able Player wp-able-player allows DOM-Based XSS.This issue affects Able Player: ... | 6.5 | MEDIUM | β | 0 |
| CVE-2025-22578 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in aazztech WP Cookie wp-cookie allows Stored XSS.This issue affects WP Cookie: from n/a through <= 1... | 5.9 | MEDIUM | β | 0 |
| CVE-2025-22579 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Arefly WP Header Notification wp-header-notification allows Stored XSS.This issue affects WP Heade... | 5.9 | MEDIUM | β | 0 |
| CVE-2025-22580 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Auto IT Biltorvet Dealer Tools biltorvet-dealer-tools allows Stored XSS.This issue affects Biltorv... | 6.5 | MEDIUM | β | 0 |
| CVE-2025-22581 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Bytephp Arcade Ready arcadeready allows Stored XSS.This issue affects Arcade Ready: from n/a throu... | 6.5 | MEDIUM | β | 0 |
| CVE-2025-22582 Cross-Site Request Forgery (CSRF) vulnerability in Scott Nelle Uptime Robot uptime-robot allows Stored XSS.This issue affects Uptime Robot: from n/a through <= 0.1.3. | 7.1 | HIGH | β | 0 |
| CVE-2025-22584 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in PluginsPoint Timeline Pro timeline-pro allows DOM-Based XSS.This issue affects Timeline Pro: from ... | 6.5 | MEDIUM | β | 0 |
| CVE-2025-22585 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in themebon Ultimate Image Hover Effects ultimate-image-hover-effects allows DOM-Based XSS.This issue... | 6.5 | MEDIUM | β | 0 |
| CVE-2025-22589 Cross-Site Request Forgery (CSRF) vulnerability in bozdoz Quote Tweet quote-tweet allows Stored XSS.This issue affects Quote Tweet: from n/a through <= 0.7. | 7.1 | HIGH | β | 0 |
| CVE-2025-22590 Cross-Site Request Forgery (CSRF) vulnerability in mmrs151 Prayer Times Anywhere prayer-times-anywhere allows Stored XSS.This issue affects Prayer Times Anywhere: from n/a through <= 2.0.1. | 7.1 | HIGH | β | 0 |
| CVE-2025-22591 Missing Authorization vulnerability in 8blocks 1003 Mortgage Application 1003-mortgage-application allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects 1003 Mortg... | 4.3 | MEDIUM | β | 0 |
| CVE-2025-22592 Missing Authorization vulnerability in 8blocks 1003 Mortgage Application 1003-mortgage-application allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects 1003 Mortgage Appl... | 7.5 | HIGH | β | 0 |
| CVE-2025-22593 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in burria Laika Pedigree Tree laika-pedigree-tree allows Stored XSS.This issue affects Laika Pedigree... | 7.1 | HIGH | β | 0 |
| CVE-2024-56270 Missing Authorization vulnerability in SecureSubmit WP SecureSubmit securesubmit allows Retrieve Embedded Sensitive Data.This issue affects WP SecureSubmit: from n/a through <= 1.5.20. | 5.3 | MEDIUM | β | 0 |
| CVE-2024-56272 Missing Authorization vulnerability in ThemeSupport Hide Category by User Role for WooCommerce hide-category-by-user-role-for-woocommerce.This issue affects Hide Category by User Role for WooCommerce:... | 4.3 | MEDIUM | β | 0 |
| CVE-2025-22296 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in hashthemes Hash Elements hash-elements.This issue affects Hash Elements: from n/a through <= 1.5.0... | 6.5 | MEDIUM | β | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.