Vulnerabilities
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2025-02-28 | CVE-2025-1560 | Cross-site Scripting vulnerability in Darkosxrc WOW Entrance Effects (Wee!) 0.1. The WOW Entrance Effects (WEE!) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'wee' shortcode in all versions up to, and including, 0.1 due to insufficient input sanitization and output escaping on user supplied attributes. | 5.4 |
2025-02-28 | CVE-2025-1570 | Weak Password Recovery Mechanism for Forgotten Password vulnerability in Wpwax Directorist. The Directorist: AI-Powered Business Directory Plugin with Classified Ads Listings plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 8.1. | 9.8 |
2025-02-28 | CVE-2025-1662 | Server-Side Request Forgery (SSRF) vulnerability in Apprhyme URL Media Uploader. The URL Media Uploader plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 1.0.0 via the 'url_media_uploader_url_upload' action. | 6.4 |
2025-02-28 | CVE-2025-1572 | SQL Injection vulnerability in Iqonic Kivicare. The KiviCare – Clinic & Patient Management System (EHR) plugin for WordPress is vulnerable to SQL Injection via the ‘u_id’ parameter in all versions up to, and including, 3.6.7 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. | 8.8 |
2025-02-28 | CVE-2025-0764 | Improper Input Validation vulnerability in Gvectors Wpforo Forum. The wpForo Forum plugin for WordPress is vulnerable to arbitrary file read due to insufficient input validation in the 'update' method of the 'Members' class in all versions up to, and including, 2.4.1. | 6.5 |
2025-02-28 | CVE-2025-1405 | Cross-site Scripting vulnerability in Implecode Product Catalog Simple. The Product Catalog Simple plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's show_products shortcode in all versions up to, and including, 1.7.11 due to insufficient input sanitization and output escaping on user supplied attributes. | 5.4 |
2025-02-28 | CVE-2025-1571 | Cross-site Scripting vulnerability in Exclusiveaddons Exclusive Addons for Elementor. The Exclusive Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Animated Text and Image Comparison Widgets in all versions up to, and including, 2.7.6 due to insufficient input sanitization and output escaping on user supplied attributes. | 5.4 |
2025-02-28 | CVE-2024-12820 | Cross-site Scripting vulnerability in Webtamarin MK Google Directions. The MK Google Directions plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'MKGD' shortcode in all versions up to, and including, 3.1 due to insufficient input sanitization and output escaping on user supplied attributes. | 5.4 |
2025-02-28 | CVE-2025-1506 | Cross-Site Request Forgery (CSRF) vulnerability in Wpmet WP Social Login and Register Social Counter. The Wp Social Login and Register Social Counter plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.1.0. | 4.3 |
2025-02-28 | CVE-2025-1511 | Cross-site Scripting vulnerability in Wpeverest User Registration. The User Registration & Membership – Custom Registration Form, Login Form, and User Profile plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 's' parameter in all versions up to, and including, 4.0.4 due to insufficient input sanitization and output escaping. | 6.1 |