In Site Reviews plugin for WordPress versions before 7.2.5 a high severity vulnerability CVE-2025-1232 was detected. This vulnerability allows unauthenticated attackers to perform Stored Cross-Site Scripting (XSS) attacks due to improper sanitization and escaping of certain review fields. To address this issue, users should upgrade Site Reviews plugin to versions 7.2.5 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-1232.
Read more CMS
In Download Manager WordPress plugin versions before 3.3.07 a medium severity vulnerability CVE-2024-13126 was detected. This vulnerability allows attackers to access unauthorized files due to the lack of directory listing prevention on web servers that don’t use htaccess. To address this issue, users should upgrade Download Manager WordPress plugin to version 3.3.07 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-13126.
Read more CMS
In Poll Maker WordPress plugin versions before 5.5.4 a low severity vulnerability CVE-2024-13602 was detected. This vulnerability allows high-privilege users, such as admins, to perform Stored Cross-Site Scripting (XSS) attacks due to improper sanitization and escaping of certain settings, even when the unfiltered_html capability is disallowed (e.g., in a multisite setup). To address this issue, users should upgrade Poll Maker WordPress plugin to version 5.5.4 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-13602.
Read more CMS
In GDPR Cookie Compliance plugin for WordPress versions before 4.15.9 a low severity vulnerability CVE-2025-1624 was detected. This vulnerability allows attackers to perform Stored Cross-Site Scripting (XSS) attacks due to the plugin not sanitizing and escaping some of its settings, which could allow high privilege users such as admins to exploit it, even when the unfiltered_html capability is disallowed (e.g., in multisite setups). To address this issue, users should upgrade GDPR Cookie Compliance plugin to versions 4.15.9 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-1624.
Read more CMS
In WP01 plugin for WordPress versions up to and including 2.6.2 a medium severity vulnerability CVE-2025-2267 was detected. This vulnerability allows authenticated attackers with Subscriber-level access and above to download arbitrary files from the server due to a missing capability check and insufficient restrictions on the make_archive() function. Currently, there is no fix version for this issue. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-2267.
Read more CMS
In Pixelstats plugin for WordPress versions up to and including 0.8.2 a medium severity vulnerability CVE-2025-2164 was detected. This vulnerability allows unauthenticated attackers to inject arbitrary web scripts via the ‘post_id’ and ‘sortby’ parameters due to insufficient input sanitization and output escaping, which execute when a user is tricked into performing an action like clicking on a link. Currently, there is no fix version for this issue. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-2164.
In Tripetto plugin for WordPress versions up to and including 8.0.9 a medium severity vulnerability CVE-2025-1530 was detected. This vulnerability allows attackers to perform Cross-Site Request Forgery (CSRF) due to missing nonce validation. This makes it possible for unauthenticated attackers to delete arbitrary results by tricking a site administrator into performing an action such as clicking on a link. To address this issue, users should upgrade Tripetto plugin to versions 8.0.10 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-1530.
Read more CMS
In Test Email Plugin for WordPress versions 1.1.8 and prior a high severity vulnerability CVE-2025-2325 was detected. This vulnerability allows unauthenticated attackers to exploit stored XSS via email logs due to insufficient sanitization and escaping, injecting arbitrary scripts that execute when users access the compromised page. To address this issue, users should upgrade WP Test Email plugin to versions 1.1.9 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-2325.
Read more CMS
In Zoorum Comments plugin for WordPress versions up to and including 0.9 a medium severity vulnerability CVE-2025-2163 was detected. This vulnerability allows unauthenticated attackers to exploit CSRF due to missing or incorrect nonce validation in the zoorum_set_options() function, enabling them to update settings and inject malicious scripts by tricking a site administrator into clicking a link. Currently, there is no fix version for this issue. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-2163.
Read more CMS