7.2
CVE-2025-58218 - WordPress Small Package Quotes β USPS Edition Plugin <= 1.3.9 - PHP Object Injection Vulnerability
Deserialization of Untrusted Data vulnerability in enituretechnology Small Package Quotes β USPS Edition allows Object Injection. This issue affects Small Package Quotes β USPS Edition: from n/a through 1.3.9.
7.1
CVE-2025-58217 - WordPress Instant Breaking News Plugin <= 1.0 - Cross Site Request Forgery (CSRF) Vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in GeroNikolov Instant Breaking News allows Stored XSS. This issue affects Instant Breaking News: from n/a through 1.0.
5.9
CVE-2025-58216 - WordPress WP Thumbtack Review Slider Plugin <= 2.6 - Cross Site Scripting (XSS) Vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in jgwhite33 WP Thumbtack Review Slider allows Stored XSS. This issue affects WP Thumbtack Review Slider: from n/a through 2.6.
6.5
CVE-2025-58213 - WordPress Booking System Trafft Plugin <= 1.0.14 - Cross Site Scripting (XSS) Vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ameliabooking Booking System Trafft allows Stored XSS. This issue affects Booking System Trafft: from n/a through 1.0.14.
6.5
CVE-2025-58212 - WordPress Epeken All Kurir Plugin <= 2.0.1 - Cross Site Scripting (XSS) Vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in epeken Epeken All Kurir allows DOM-Based XSS. This issue affects Epeken All Kurir: from n/a through 2.0.1.
6.5
CVE-2025-58211 - WordPress Chatbox Manager Plugin <= 1.2.6 - Cross Site Scripting (XSS) Vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in alexvtn Chatbox Manager allows Stored XSS. This issue affects Chatbox Manager: from n/a through 1.2.6.
6.5
CVE-2025-58209 - WordPress Transcoder Plugin <= 1.4.0 - Cross Site Scripting (XSS) Vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in rtCamp Transcoder allows Stored XSS. This issue affects Transcoder: from n/a through 1.4.0.
6.5
CVE-2025-58208 - WordPress PDF for Elementor Forms + Drag And Drop Template Builder Plugin <= 6.2.0 - Cross Site Scrβ¦
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in add-ons.org PDF for Elementor Forms + Drag And Drop Template Builder allows Stored XSS. This issue affects PDF for Elementor Forms + Drag And Drop Template Builder: from n/a through 6.2.0.
6.5
CVE-2025-58205 - WordPress ElementInvader Addons for Elementor Plugin <= 1.3.6 - Cross Site Scripting (XSS) Vulnerabβ¦
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Element Invader ElementInvader Addons for Elementor allows DOM-Based XSS. This issue affects ElementInvader Addons for Elementor: from n/a through 1.3.6.
4.7
CVE-2025-58204 - WordPress Podlove Podcast Publisher Plugin <= 4.2.5 - Open Redirection Vulnerability
URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Eric Teubert Podlove Podcast Publisher allows Phishing. This issue affects Podlove Podcast Publisher: from n/a through 4.2.5.