7.1
CVE-2025-68891 - WordPress WP App Bar plugin <= 1.5 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ryan Sutana WP App Bar wp-app-bar allows Reflected XSS.This issue affects WP App Bar: from n/a through <= 1.5.
7.1
CVE-2025-68890 - WordPress e-shops plugin <= 1.0.4 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in hands01 e-shops e-shops-cart2 allows DOM-Based XSS.This issue affects e-shops: from n/a through <= 1.0.4.
7.1
CVE-2025-68889 - WordPress Pinpoll plugin <= 4.0.0 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Pinpoll Pinpoll pinpoll allows Reflected XSS.This issue affects Pinpoll: from n/a through <= 4.0.0.
7.1
CVE-2025-68887 - WordPress WP-BusinessDirectory plugin <= 4.0.1 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CMSJunkie - WordPress Business Directory Plugins WP-BusinessDirectory wp-businessdirectory allows Reflected XSS.This issue affects WP-BusinessDirectory: from n/a through <= 4.0.1.
6.5
CVE-2025-68875 - WordPress Flaming Password Reset plugin <= 1.0.3 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in jcaruso001 Flaming Password Reset flaming-password-reset allows Stored XSS.This issue affects Flaming Password Reset: from n/a through <= 1.0.3.
7.1
CVE-2025-68874 - WordPress Visitor Stats Widget plugin <= 1.5.0 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Shahjada Visitor Stats Widget visitor-stats-widget allows Reflected XSS.This issue affects Visitor Stats Widget: from n/a through <= 1.5.0.
7.1
CVE-2025-68873 - WordPress PRIMER by chloédigital plugin <= 1.0.25 - Reflected Cross Site Scripting (XSS) vulnerabil…
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in chloédigital PRIMER by chloédigital primer-by-chloedigital allows Reflected XSS.This issue affects PRIMER by chloédigital: from n/a through <= 1.0.25.
6.5
CVE-2025-68867 - WordPress Effect Maker plugin <= 1.2.1 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in anibalwainstein Effect Maker effect-maker allows DOM-Based XSS.This issue affects Effect Maker: from n/a through <= 1.2.1.
8.1
CVE-2025-67937 - WordPress Hendon theme < 1.7 - Local File Inclusion vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Mikado-Themes Hendon hendon allows PHP Local File Inclusion.This issue affects Hendon: from n/a through < 1.7.
8.1
CVE-2025-67936 - WordPress Curly theme < 3.3 - Local File Inclusion vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Mikado-Themes Curly curly allows PHP Local File Inclusion.This issue affects Curly: from n/a through < 3.3.