6.5
CVE-2025-26895 - WordPress m1.DownloadList plugin <= 0.19 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in maennchen1.de m1.DownloadList allows DOM-Based XSS. This issue affects m1.DownloadList: from n/a through 0.19.
7.6
CVE-2025-26886 - WordPress PublishPress Authors plugin <= 4.7.3 - SQL Injection vulnerability
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in PublishPress PublishPress Authors allows SQL Injection. This issue affects PublishPress Authors: from n/a through 4.7.3.
9.3
CVE-2025-26875 - WordPress Multiple Shipping And Billing Address For Woocommerce Plugin <= 1.3 - SQL Injection vulneβ¦
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in silverplugins217 Multiple Shipping And Billing Address For Woocommerce allows SQL Injection. This issue affects Multiple Shipping And Billing Address For Woocommerce: from n/a through 1.3.
7.1
CVE-2025-26556 - WordPress WP AntiDDOS Plugin <= 2.0 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in zzmaster WP AntiDDOS allows Reflected XSS. This issue affects WP AntiDDOS: from n/a through 2.0.
7.1
CVE-2025-26555 - WordPress Debug-Bar-Extender Plugin <= 0.5 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound Debug-Bar-Extender allows Reflected XSS. This issue affects Debug-Bar-Extender: from n/a through 0.5.
7.1
CVE-2025-26554 - WordPress WP Discord Post Plugin <= 2.1.0 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound WP Discord Post allows Reflected XSS. This issue affects WP Discord Post: from n/a through 2.1.0.
7.1
CVE-2025-26553 - WordPress Pre Order Addon for WooCommerce plugin<= 1.0.7 - Reflected Cross-Site Scripting
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Spring Devs Pre Order Addon for WooCommerce β Advance Order/Backorder Plugin allows Reflected XSS. This issue affects Pre Order Addon for WooCommerce β Advance Order/Backorder Plugin: from n/a throβ¦
7.1
CVE-2025-26548 - WordPress Random Image Selector plugin <= 1.5.6 - Reflected Cross-Site Scripting vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound Random Image Selector allows Reflected XSS. This issue affects Random Image Selector: from n/a through 2.4.
7.1
CVE-2025-23744 - WordPress Random Posts, Mp3 Player + ShareButton plugin <= 1.4.1 - Reflected Cross Site Scripting (β¦
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in dvs11 Random Posts, Mp3 Player + ShareButton allows Reflected XSS. This issue affects Random Posts, Mp3 Player + ShareButton: from n/a through 1.4.1.
6.5
CVE-2025-25225 - Extension - hikashop.com - Privilege escalation vulnerability Hikashop component version 1.0.0 - 5.β¦
A privilege escalation vulnerability in the Hikashop component versions 1.0.0-5.1.3 for Joomla allows authenticated attackers (administrator) to escalate their privileges to Super Admin Permissions.