CVE-2025-13456: Reflected XSS in ShopBuilder WooCommerce Plugin (CVSS 6.1)
A Reflected Cross-Site Scripting vulnerability has been discovered in the ShopBuilder WordPress plugin for WooCommerce. Tracked as CVE-2025-13456…
Category
CVE
Security vulnerability reports and CVE analysis for WordPress plugins, themes, and core.
CVE-2025-13153: Stored XSS in Logo Slider WordPress Plugin (CVSS 6.1)
A Cross-Site Scripting (XSS) vulnerability has been discovered in the Logo Slider WordPress plugin. Tracked as CVE-2025-13153 with…
CVE-2025-12685: CSRF Vulnerability in WPBookit Plugin Allows Customer Deletion
CVE-2025-12685 WPBookit CSRF Privilege Escalation. A Cross-Site Request Forgery (CSRF) vulnerability affects the WPBookit WordPress plugin. Tracked as…
CVE-2025-14047: Unauthorized Data Loss in WP User Frontend Plugin
CVE-2025-14047 WP User Frontend SQL Injection. An unauthorized data loss vulnerability affects the WP User Frontend plugin for…
CVE-2025-14428: Missing Capability Check in My Sticky Elements Plugin
A missing capability check vulnerability affects the My Sticky Elements plugin for WordPress. Tracked as CVE-2025-14428 with a…
CVE-2025-14627: SSRF Vulnerability in WP Import Plugin (CVSS 6.4)
A Server-Side Request Forgery 2026 WordPress Security Threats report (SSRF) vulnerability has been discovered in the WP Import…
CVE-2025-14072: Ninja Forms Access Token Generation Vulnerability
The Ninja Forms plugin for WordPress has an access token generation issue. It is tracked as CVE-2025-14072 with…
CVE-2025-14124: SQL Injection in Team WordPress Plugin (CVSS 8.6)
A SQL injection vulnerability has appeared in the Team WordPress plugin. Tracked as CVE-2025-14124 with a CVSS score…
CVE-2025-14998: Critical Account Takeover in Branda (Ultimate Branding) Plugin (CVSS 9.8)
CVE-2026-4123 Branda Account Takeover. A critical privilege escalation vulnerability has been discovered in the Branda plugin for WordPress,…
CVE-2025-13820: Authentication Bypass in Comments Plugin via Disqus Login
A critical authentication bypass CVE-2026-4119 Create DB Tables vulnerability vulnerability has been discovered in the Comments WordPress plugin,…