0.0
CVE-2025-28973 - WordPress Pro Bulk Watermark Plugin for WordPress <= 2.0 - Path Traversal Vulnerability
Path Traversal: '.../...//' vulnerability in AA-Team Pro Bulk Watermark Plugin for WordPress pro-watermark allows Path Traversal.This issue affects Pro Bulk Watermark Plugin for WordPress: from n/a through <= 2.0.
8.5
CVE-2025-28949 - WordPress Mediabay - WordPress Media Library Folders <= 1.4 - SQL Injection Vulnerability
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Codedraft Mediabay - WordPress Media Library Folders allows Blind SQL Injection.This issue affects Mediabay - WordPress Media Library Folders: from n/a through 1.4.
7.1
CVE-2025-23757 - WordPress ZD Scribd iPaper plugin <= 1.0 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Proloy Chakroborty ZD Scribd iPaper zd-scribd-ipaper allows Reflected XSS.This issue affects ZD Scribd iPaper: from n/a through <= 1.0.
7.1
CVE-2025-23719 - WordPress ZhinaTwitterWidget plugin <= 1.0 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in zckevin ZhinaTwitterWidget zhina-twitter-widget allows Reflected XSS.This issue affects ZhinaTwitterWidget: from n/a through <= 1.0.
7.1
CVE-2025-23707 - WordPress En Masse plugin <= 1.0 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Matamko En Masse en-masse-wp allows Reflected XSS.This issue affects En Masse: from n/a through <= 1.0.
7.1
CVE-2025-23705 - WordPress Zielke Design Project Gallery plugin <= 2.5.0 - Reflected Cross Site Scripting (XSS) vulnโฆ
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Terry Zielke Zielke Design Project Gallery zielke-design-project-gallery allows Reflected XSS.This issue affects Zielke Design Project Gallery: from n/a through <= 2.5.0.
7.1
CVE-2025-23667 - WordPress custom-post-edit plugin <= 1.0.4 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Christopher Churchill custom-post-edit front-end-post-edit allows Reflected XSS.This issue affects custom-post-edit: from n/a through <= 1.0.4.
5.4
CVE-2025-66144 - WordPress Worker for Elementor plugin <= 1.0.10 - Broken Access Control vulnerability
Missing Authorization vulnerability in merkulove Worker for Elementor worker-elementor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Worker for Elementor: from n/a through <= 1.0.10.
5.4
CVE-2025-66145 - WordPress Worker for WPBakery plugin <= 1.1.1 - Broken Access Control vulnerability
Missing Authorization vulnerability in merkulove Worker for WPBakery worker-wpbakery allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Worker for WPBakery: from n/a through <= 1.1.1.
5.4
CVE-2025-66146 - WordPress Logger for Elementor plugin <= 1.0.9 - Broken Access Control vulnerability
Missing Authorization vulnerability in merkulove Logger for Elementor logger-elementor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Logger for Elementor: from n/a through <= 1.0.9.