6.5
CVE-2025-62968 - WordPress WP Last Modified Info plugin <= 1.9.2 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Sayan Datta WP Last Modified Info wp-last-modified-info allows Stored XSS.This issue affects WP Last Modified Info: from n/a through <= 1.9.2.
6.5
CVE-2025-62967 - WordPress DirectoryPress plugin <= 3.6.25 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Designinvento DirectoryPress directorypress allows DOM-Based XSS.This issue affects DirectoryPress: from n/a through <= 3.6.25.
5.4
CVE-2025-62966 - WordPress GoCache plugin <= 1.3.6 - Broken Access Control vulnerability
Missing Authorization vulnerability in Apiki GoCache gocache-cdn allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects GoCache: from n/a through <= 1.3.6.
4.3
CVE-2025-62965 - WordPress Admin Management Xtended plugin <= 2.5.1 - Broken Access Control vulnerability
Missing Authorization vulnerability in wpseek Admin Management Xtended admin-management-xtended allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Admin Management Xtended : from n/a through <= 2.5.1.
5.3
CVE-2025-62964 - WordPress MDTF plugin <= 1.3.6 - Broken Access Control vulnerability
Missing Authorization vulnerability in RealMag777 MDTF wp-meta-data-filter-and-taxonomy-filter allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects MDTF: from n/a through <= 1.3.6.
6.5
CVE-2025-62963 - WordPress Estatik plugin <= 4.3.1 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Estatik Estatik estatik allows DOM-Based XSS.This issue affects Estatik: from n/a through <= 4.3.1.
7.1
CVE-2025-62962 - WordPress CloudSearch plugin <= 3.0.0 - Cross Site Request Forgery (CSRF) vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in Andrea Landonio CloudSearch cloud-search allows Stored XSS.This issue affects CloudSearch: from n/a through <= 3.0.0.
9.1
CVE-2025-62959 - WordPress Paid Videochat Turnkey Site plugin <= 7.3.23 - Remote Code Execution (RCE) vulnerability
Improper Control of Generation of Code ('Code Injection') vulnerability in videowhisper Paid Videochat Turnkey Site ppv-live-webcams allows Remote Code Inclusion.This issue affects Paid Videochat Turnkey Site: from n/a through <= 7.3.23.
4.3
CVE-2025-62958 - WordPress Simple Content Templates for Blog Posts & Pages plugin <= 2.2.61 - Cross Site Request Forβ¦
Cross-Site Request Forgery (CSRF) vulnerability in Clifton Griffin Simple Content Templates for Blog Posts & Pages simple-post-template allows Cross Site Request Forgery.This issue affects Simple Content Templates for Blog Posts & Pages: from n/a through <= 2.2.61.
7.1
CVE-2025-62957 - WordPress NikanWP WooCommerce Reporting plugin <= 1.0.0 - Cross Site Request Forgery (CSRF) vulneraβ¦
Cross-Site Request Forgery (CSRF) vulnerability in NikanWP NikanWP WooCommerce Reporting wc-reports-lite allows Stored XSS.This issue affects NikanWP WooCommerce Reporting: from n/a through <= 1.0.0.