HackTesting

Common Vulnerabilities and Exposures (CVE)

CVE-2025-58211

Apr 1, 2026 15:58:18 UTC

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in alexvtn Chatbox Manager wa-chatbox-manager allows Stored XSS.This issue affects Chatbox Manager: from n/a through <= 1.2.6.

CVE-2025-58210

Apr 1, 2026 15:58:18 UTC

Missing Authorization vulnerability in ThemeMove Makeaholic makeaholic allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Makeaholic: from n/a through <= 1.8.5.

CVE-2025-58209

Apr 1, 2026 15:58:17 UTC

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in rtCamp Transcoder transcoder allows Stored XSS.This issue affects Transcoder: from n/a through <= 1.4.0.

CVE-2025-58208

Apr 1, 2026 15:58:17 UTC

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in add-ons.org PDF for Elementor Forms + Drag And Drop Template Builder pdf-for-elementor-forms allows Stored XSS.This issue affects PDF for ...

CVE-2025-58206

Apr 1, 2026 15:58:17 UTC

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeMove MaxCoach maxcoach allows PHP Local File Inclusion.This issue affects MaxCoach: from n/a through <= 3.2.5.

CVE-2025-58205

Apr 1, 2026 15:58:17 UTC

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Element Invader ElementInvader Addons for Elementor elementinvader-addons-for-elementor allows DOM-Based XSS.This issue affects ElementInv...

CVE-2025-58204

Apr 1, 2026 15:58:16 UTC

URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Eric Teubert Podlove Podcast Publisher podlove-podcasting-plugin-for-wordpress allows Phishing.This issue affects Podlove Podcast Publisher: from n/a through <= 4.2.5.

CVE-2025-58203

Apr 1, 2026 15:58:16 UTC

Server-Side Request Forgery (SSRF) vulnerability in solacewp Solace Extra solace-extra allows Server Side Request Forgery.This issue affects Solace Extra: from n/a through <= 1.3.2.

CVE-2025-58202

Apr 1, 2026 15:58:16 UTC

Cross-Site Request Forgery (CSRF) vulnerability in Plugins and Snippets Simple Page Access Restriction simple-page-access-restriction allows Cross Site Request Forgery.This issue affects Simple Page Access Restriction: from n/a through <= 1...

CVE-2025-58201

Apr 1, 2026 15:58:16 UTC

Missing Authorization vulnerability in AfterShip &amp; Automizely AfterShip Tracking aftership-woocommerce-tracking allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects AfterShip Tracking: from n/a through <= 1...

CVE-2025-58200

Apr 1, 2026 15:58:16 UTC

Cross-Site Request Forgery (CSRF) vulnerability in Bage Flexible FAQ flexible-faq allows Cross Site Request Forgery.This issue affects Flexible FAQ: from n/a through <= 0.2.

CVE-2025-58199

Apr 1, 2026 15:58:16 UTC

Cross-Site Request Forgery (CSRF) vulnerability in Fastly Fastly fastly allows Cross Site Request Forgery.This issue affects Fastly: from n/a through <= 1.2.28.

CVE-2025-58198

Apr 1, 2026 15:58:15 UTC

Missing Authorization vulnerability in Xpro Xpro Theme Builder xpro-theme-builder allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Xpro Theme Builder: from n/a through <= 1.2.9.

CVE-2025-58197

Apr 1, 2026 15:58:15 UTC

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in mra13 Simple Download Monitor simple-download-monitor allows Stored XSS.This issue affects Simple Download Monitor: from n/a through <= 3....

CVE-2025-58196

Apr 1, 2026 15:58:15 UTC

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in uicore UiCore Elements uicore-elements allows Stored XSS.This issue affects UiCore Elements: from n/a through <= 1.3.4.

Page: 60