5.9
CVE-2025-67556 - WordPress Advanced FAQ Manager plugin <= 1.5.2 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ThemeHigh Advanced FAQ Manager advanced-faq-manager allows Stored XSS.This issue affects Advanced FAQ Manager: from n/a through <= 1.5.2.
5.9
CVE-2025-67555 - WordPress UseStrict's Calendly Embedder plugin <= 1.1.7.2 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in useStrict UseStrict's Calendly Embedder cal-embedder-lite allows Stored XSS.This issue affects UseStrict's Calendly Embedder: from n/a through <= 1.1.7.2.
5.9
CVE-2025-67554 - WordPress Cookie Notice & Compliance for GDPR / CCPA plugin <= 2.5.8 - Cross Site Scripting (XSS) vโฆ
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Humanityco Cookie Notice & Compliance for GDPR / CCPA cookie-notice allows Stored XSS.This issue affects Cookie Notice & Compliance for GDPR / CCPA: from n/a through <= 2.5.8.
6.5
CVE-2025-67553 - WordPress Advanced FAQ Manager plugin <= 1.5.2 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ThemeHigh Advanced FAQ Manager advanced-faq-manager allows DOM-Based XSS.This issue affects Advanced FAQ Manager: from n/a through <= 1.5.2.
6.5
CVE-2025-67552 - WordPress Walker Core plugin <= 1.3.17 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WalkerWP Walker Core walker-core allows DOM-Based XSS.This issue affects Walker Core: from n/a through <= 1.3.17.
6.5
CVE-2025-67551 - WordPress Wappointment plugin <= 2.6.9 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Wappointment team Wappointment wappointment allows Stored XSS.This issue affects Wappointment: from n/a through <= 2.6.9.
6.5
CVE-2025-67550 - WordPress Donation Thermometer plugin <= 2.2.6 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in rhewlif Donation Thermometer donation-thermometer allows Stored XSS.This issue affects Donation Thermometer: from n/a through <= 2.2.6.
6.5
CVE-2025-67549 - WordPress oik plugin <= 4.15.3 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in bobbingwide oik oik allows DOM-Based XSS.This issue affects oik: from n/a through <= 4.15.3.
6.5
CVE-2025-67548 - WordPress WP Delicious plugin <= 1.9.1 - Broken Access Control vulnerability
Missing Authorization vulnerability in WP Delicious WP Delicious delicious-recipes allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Delicious: from n/a through <= 1.9.1.
6.5
CVE-2025-67545 - WordPress FireBox plugin <= 3.1.0-free - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in FirePlugins FireBox firebox allows Stored XSS.This issue affects FireBox: from n/a through <= 3.1.0-free.