Skip to main content
CVE-2026-0680 MEDIUM This Month

Stored XSS in Real Post Slider Lite WordPress plugin through version 2.4 allows authenticated administrators to inject malicious scripts into plugin settings that execute for other users viewing affected pages. The vulnerability requires high privileges and only impacts multi-site WordPress installations or those with unfiltered_html disabled. No patch is currently available.

WordPress XSS
NVD
CVSS 3.1
4.4
EPSS
0.0%
CVE-2025-15486 MEDIUM This Month

The Kunze Law plugin for WordPress is vulnerable to Stored Cross-Site Scripting via plugin's shortcode in all versions up to, and including, 2.1 due to the plugin fetching HTML content from a remote server and injecting it into pages without any sanitization or escaping. [CVSS 4.4 MEDIUM]

WordPress XSS Path Traversal PHP
NVD
CVSS 3.1
4.4
EPSS
0.0%
CVE-2025-15021 MEDIUM This Month

The Gotham Block Extra Light plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.5.0 due to insufficient input sanitization and output escaping. [CVSS 4.4 MEDIUM]

WordPress XSS
NVD
CVSS 3.1
4.4
EPSS
0.0%
CVE-2025-14725 MEDIUM This Month

The Internal Link Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping. [CVSS 4.4 MEDIUM]

WordPress XSS PHP
NVD
CVSS 3.1
4.4
EPSS
0.0%
CVE-2026-0739 MEDIUM This Month

Stored XSS in WMF Mobile Redirector plugin for WordPress up to version 1.2 allows authenticated administrators to inject malicious scripts into plugin settings that execute for all site visitors. The vulnerability stems from inadequate input sanitization and output escaping, enabling privilege abuse by high-level account holders. A patch is not currently available.

WordPress XSS
NVD
CVSS 3.1
4.4
EPSS
0.0%
CVE-2025-14379 MEDIUM This Month

The Testimonials Creator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in version 1.6 due to insufficient input sanitization and output escaping. [CVSS 4.4 MEDIUM]

WordPress XSS PHP
NVD
CVSS 3.1
4.4
EPSS
0.0%
CVE-2025-14482 MEDIUM This Month

Crush.pics Image Optimizer - Image Compression and Optimization (WordPress plugin) versions up to 1.8.7. is affected by missing authorization (CVSS 4.3).

WordPress Industrial PHP
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2025-15376 MEDIUM This Month

Stopwords for comments (WordPress plugin) is affected by cross-site request forgery (csrf) (CVSS 4.3).

WordPress CSRF PHP
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2025-14846 MEDIUM This Month

SocialChamp with WordPress (WordPress plugin) is affected by cross-site request forgery (csrf) (CVSS 4.3).

WordPress CSRF
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2025-14389 MEDIUM This Month

The WPBlogSyn plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.0. This is due to missing or incorrect nonce validation. [CVSS 4.3 MEDIUM]

WordPress CSRF PHP
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2026-0635 MEDIUM This Month

The Responsive Accordion Slider plugin for WordPress up to version 1.2.2 fails to validate user permissions on image metadata modification functions, allowing authenticated contributors and higher-privileged users to alter slider images, titles, descriptions, alt text, and associated links. This capability check bypass affects all installations using the vulnerable plugin versions and requires only valid WordPress login credentials to exploit.

WordPress
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2025-15377 MEDIUM This Month

The Sosh Share Buttons plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1.0. This is due to missing nonce validation on the 'admin_page_content' function. [CVSS 4.3 MEDIUM]

WordPress CSRF PHP
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2025-68492 MEDIUM PATCH This Month

Chainlit versions up to 2.8.5 is affected by authorization bypass through user-controlled key (CVSS 4.2).

Authentication Bypass AI / ML
NVD GitHub
CVSS 3.0
4.2
EPSS
0.0%
Prev Page 3 of 3

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy