NuytsTech Security

CVE-2025-30798

Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in rickonline_nl Better WishList API allows Reflected XSS. This issue affects Better WishList API: from n/a through 1.1.4. Assigner : audit@patchstack.com More information...

CVE-2025-30797

Missing Authorization vulnerability in bigdrop.gr Greek Multi Tool – Fix peralinks, accents, auto create menus and more allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Greek Multi Tool – Fix peralinks,...

CVE-2025-30796

Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in WP Extended The Ultimate WordPress Toolkit – WP Extended allows Reflected XSS. This issue affects The Ultimate WordPress Toolkit – WP Extended:...

CVE-2025-30794

Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in The Events Calendar Event Tickets allows Reflected XSS. This issue affects Event Tickets: from n/a through 5.20.0. Assigner : audit@patchstack.com More information...

CVE-2025-30793

Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’) vulnerability in Property Hive Houzez Property Feed allows Path Traversal. This issue affects Houzez Property Feed: from n/a through 2.5.4. Assigner : audit@patchstack.com...

CVE-2025-30782

Improper Control of Filename for Include/Require Statement in PHP Program (‘PHP Remote File Inclusion’) vulnerability in WP Shuffle Subscribe to Download Lite allows PHP Local File Inclusion. This issue affects Subscribe to Download Lite:...

CVE-2025-30774

Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Ays Pro Quiz Maker allows SQL Injection. This issue affects Quiz Maker: from n/a through 6.6.8.7. Assigner : audit@patchstack.com More...

CVE-2025-30614

Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Haozhe Xie Google Font Fix allows Reflected XSS. This issue affects Google Font Fix: from n/a through 2.3.1. Assigner : audit@patchstack.com More...

CVE-2025-30607

Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Name.ly Quick Localization allows Reflected XSS. This issue affects Quick Localization: from n/a through 0.1.0. Assigner : audit@patchstack.com More information : https://patchstack.com/database/wordpress/plugin/quick-localization/vulnerability/wordpress-quick-localization-plugin-0-1-0-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve