7.1
CVE-2025-58916 - WordPress Author: Munzir plugin <= 0.9 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Munzir Author: Munzir myshouts-shoutbox allows Reflected XSS.This issue affects Author: Munzir: from n/a through <= 0.9.
8.8
CVE-2025-53428 - WordPress Simple User Registration plugin <= 6.8 - Privilege Escalation vulnerability
Incorrect Privilege Assignment vulnerability in N-Media Simple User Registration wp-registration allows Privilege Escalation.This issue affects Simple User Registration: from n/a through <= 6.8.
7.1
CVE-2025-53427 - WordPress SEO Pyramid plugin <= 1.9.8 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Chibueze Okechukwu SEO Pyramid seo-pyramid allows Reflected XSS.This issue affects SEO Pyramid: from n/a through <= 1.9.8.
7.1
CVE-2025-53426 - WordPress Likert Survey Master plugin <= 0.8.0.1 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Bob Likert Survey Master likert-survey-master allows Reflected XSS.This issue affects Likert Survey Master: from n/a through <= 0.8.0.1.
7.6
CVE-2025-53425 - WordPress Dokan plugin <= 4.1.3 - Privilege Escalation vulnerability
Incorrect Privilege Assignment vulnerability in Dokan, Inc. Dokan dokan-lite allows Privilege Escalation.This issue affects Dokan: from n/a through <= 4.1.3.
6.5
CVE-2025-53424 - WordPress WooCommerce Orders & Customers Exporter plugin <= 5.4 - Broken Access Control vulnerabiliβ¦
Missing Authorization vulnerability in vanquish WooCommerce Orders & Customers Exporter woocommerce-orders-ei allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WooCommerce Orders & Customers Exporter: from n/a through <= 5.4.
7.1
CVE-2025-53423 - WordPress Triss theme <= 2.6 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in designthemes Triss triss allows Reflected XSS.This issue affects Triss: from n/a through <= 2.6.
7.1
CVE-2025-53422 - WordPress WhatsApp Chat for WordPress and WooCommerce plugin <= 1.2.1 - Cross Site Scripting (XSS) β¦
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ThemeWarriors WhatsApp Chat for WordPress and WooCommerce tw-whatsapp-chat-rotator allows Reflected XSS.This issue affects WhatsApp Chat for WordPress and WooCommerce: from n/a through <= 1.2.1.
6.3
CVE-2025-53421 - WordPress Accordion plugin <= 2.3.14 - Broken Access Control vulnerability
Missing Authorization vulnerability in PickPlugins Accordion accordions allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Accordion: from n/a through <= 2.3.14.
7.1
CVE-2025-53420 - WordPress WPLMS plugin <= 1.9.9.8 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in VibeThemes WPLMS wplms_plugin allows Reflected XSS.This issue affects WPLMS: from n/a through <= 1.9.9.8.