7.1
CVE-2025-31905 - WordPress Team Rosters Plugin <= 4.7 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound Team Rosters allows Reflected XSS. This issue affects Team Rosters: from n/a through 4.7.
7.1
CVE-2025-31903 - WordPress XV Random Quotes Plugin <= 1.37 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound XV Random Quotes allows Reflected XSS. This issue affects XV Random Quotes: from n/a through 1.37.
7.1
CVE-2025-31902 - WordPress Social Share And Social Locker Plugin <= 1.4.1 - Reflected Cross Site Scripting (XSS) vulโฆ
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound Social Share And Social Locker allows Reflected XSS. This issue affects Social Share And Social Locker: from n/a through 1.4.1.
7.1
CVE-2025-31901 - WordPress Digihood HTML Sitemap Plugin <= 3.1.1 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Digihood Digihood HTML Sitemap allows Reflected XSS. This issue affects Digihood HTML Sitemap: from n/a through 3.1.1.
7.1
CVE-2025-31900 - WordPress Lexicata plugin <= 1.0.16 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in lexicata Lexicata allows Reflected XSS. This issue affects Lexicata: from n/a through 1.0.16.
7.1
CVE-2025-31899 - WordPress Awesome Logos plugin <= 1.2 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wpshopee Awesome Logos allows Reflected XSS. This issue affects Awesome Logos: from n/a through 1.2.
7.1
CVE-2025-31898 - WordPress MediaView plugin <= 1.1.2 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound MediaView allows Reflected XSS. This issue affects MediaView: from n/a through 1.1.2.
6.5
CVE-2025-31896 - WordPress GetBookingsWP Plugin <= 1.1.27 - Broken Access Control vulnerability
Missing Authorization vulnerability in istmoplugins GetBookingsWP allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects GetBookingsWP: from n/a through 1.1.27.
6.5
CVE-2025-31893 - WordPress Botnet Attack Blocker plugin <= 2.0.0 - Stored Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in cheesefather Botnet Attack Blocker allows Stored XSS. This issue affects Botnet Attack Blocker: from n/a through 2.0.0.
5.8
CVE-2025-31876 - WordPress Payday plugin <= 3.3.12 - Broken Access Control vulnerability
Missing Authorization vulnerability in gunnarpayday Payday allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Payday: from n/a through 3.3.12.