HackTesting

Common Vulnerabilities and Exposures (CVE)

CVE-2025-58200

Apr 1, 2026 15:58:16 UTC

Cross-Site Request Forgery (CSRF) vulnerability in Bage Flexible FAQ flexible-faq allows Cross Site Request Forgery.This issue affects Flexible FAQ: from n/a through <= 0.2.

CVE-2025-58199

Apr 1, 2026 15:58:16 UTC

Cross-Site Request Forgery (CSRF) vulnerability in Fastly Fastly fastly allows Cross Site Request Forgery.This issue affects Fastly: from n/a through <= 1.2.28.

CVE-2025-58198

Apr 1, 2026 15:58:15 UTC

Missing Authorization vulnerability in Xpro Xpro Theme Builder xpro-theme-builder allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Xpro Theme Builder: from n/a through <= 1.2.9.

CVE-2025-58197

Apr 1, 2026 15:58:15 UTC

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in mra13 Simple Download Monitor simple-download-monitor allows Stored XSS.This issue affects Simple Download Monitor: from n/a through <= 3....

CVE-2025-58196

Apr 1, 2026 15:58:15 UTC

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in uicore UiCore Elements uicore-elements allows Stored XSS.This issue affects UiCore Elements: from n/a through <= 1.3.4.

CVE-2025-58195

Apr 1, 2026 15:58:15 UTC

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Xpro Xpro Elementor Addons xpro-elementor-addons allows Stored XSS.This issue affects Xpro Elementor Addons: from n/a through <= 1.4.17.

CVE-2025-58194

Apr 1, 2026 15:58:14 UTC

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in boldthemes Bold Page Builder bold-page-builder allows Stored XSS.This issue affects Bold Page Builder: from n/a through <= 5.4.3.

CVE-2025-58193

Apr 1, 2026 15:58:14 UTC

Missing Authorization vulnerability in Uncanny Owl Uncanny Automator uncanny-automator allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Uncanny Automator: from n/a through <= 6.7.0.1.

CVE-2025-58192

Apr 1, 2026 15:58:14 UTC

Missing Authorization vulnerability in Xylus Themes WP Bulk Delete wp-bulk-delete allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Bulk Delete: from n/a through <= 1.3.6.

CVE-2025-58033

Apr 1, 2026 15:58:14 UTC

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in leeshadle Draft website-builder allows Stored XSS.This issue affects Draft: from n/a through <= 3.0.9.

CVE-2025-58032

Apr 1, 2026 15:58:13 UTC

Cross-Site Request Forgery (CSRF) vulnerability in Bytes.co WP Compiler wp-compiler allows Cross Site Request Forgery.This issue affects WP Compiler: from n/a through <= 1.0.0.

CVE-2025-58031

Apr 1, 2026 15:58:13 UTC

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Nextendweb Nextend Facebook Connect nextend-facebook-connect allows Stored XSS.This issue affects Nextend Facebook Connect : from n/a thr...

CVE-2025-58030

Apr 1, 2026 15:58:13 UTC

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in webvitaly Page-list page-list allows Stored XSS.This issue affects Page-list: from n/a through <= 5.8.

CVE-2025-58029

Apr 1, 2026 15:58:13 UTC

Missing Authorization vulnerability in Sumit Singh Classic Widgets with Block-based Widgets classic-widgets-with-block-based-widgets allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Classic Widgets with Blo...

CVE-2025-58028

Apr 1, 2026 15:58:12 UTC

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Aum Watcharapon Designil PDPA Thailand pdpa-thailand allows Stored XSS.This issue affects Designil PDPA Thailand: from n/a through <= 2.0....

Page: 58