Medium - CVE-2024-13350 - The SearchIQ – The Search Solution plugin for...
The SearchIQ – The Search Solution plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'siq_searchbox' shortcode in all versions up to, and including,...
Medium - CVE-2024-13827 - The Razorpay Subscription Button Elementor...
The Razorpay Subscription Button Elementor Plugin plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg() and remove_query_arg() functions without...
Medium - CVE-2024-13866 - The Simple Notification plugin for WordPress is...
The Simple Notification plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 1.3 due to insufficient input sanitization and output escaping. This...
Medium - CVE-2024-8682 - The JNews - WordPress Newspaper Magazine Blog...
The JNews - WordPress Newspaper Magazine Blog AMP Theme theme for WordPress is vulnerable to unauthorized user registration in all versions up to, and including, 11.6.6. This is due to the plugin...
Medium - CVE-2025-0990 - The I Am Gloria plugin for WordPress is...
The I Am Gloria plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1.4. This is due to missing or incorrect nonce validation on the...
Medium - CVE-2025-1008 - The Recently Purchased Products For Woo plugin...
The Recently Purchased Products For Woo plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘view’ parameter in all versions up to, and including, 1.1.3 due to insufficient...
Medium - CVE-2025-1435 - The bbPress plugin for WordPress is vulnerable...
The bbPress plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.6.11. This is due to missing or incorrect nonce validation on the...
NA - CVE-2025-22493 - Secure flag not set and SameSIte was set to Lax...
Secure flag not set and SameSIte was set to Lax in the Foreseer Reporting Software (FRS). Absence of this secure flag could lead into the session cookie being transmitted over unencrypted HTTP...