7.1
CVE-2025-58971 - WordPress Doctreat theme <= 1.6.7 - Cross Site Scripting (XSS) Vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in AmentoTech Doctreat doctreat allows Reflected XSS.This issue affects Doctreat: from n/a through <= 1.6.7.
6.3
CVE-2025-58970 - WordPress Doctreat theme <= 1.6.7 - Content Injection vulnerability
Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in AmentoTech Doctreat doctreat allows Code Injection.This issue affects Doctreat: from n/a through <= 1.6.7.
8.1
CVE-2025-58967 - WordPress Businext theme < 2.4.4 - Local File Inclusion vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeMove Businext businext allows PHP Local File Inclusion.This issue affects Businext: from n/a through < 2.4.4.
7.1
CVE-2025-58966 - WordPress NEX-Forms LITE plugin < 8.2 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Basix NEX-Forms LITE nex-forms-lite allows Reflected XSS.This issue affects NEX-Forms LITE: from n/a through < 8.2.
10
CVE-2025-58963 - WordPress Medcity theme < 1.1.9 - Arbitrary File Upload vulnerability
Unrestricted Upload of File with Dangerous Type vulnerability in 7oroof Medcity medcity allows Upload a Web Shell to a Web Server.This issue affects Medcity: from n/a through < 1.1.9.
7.1
CVE-2025-58961 - WordPress CF7 Auto Responder Addon plugin <= 2.4 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in kamleshyadav CF7 Auto Responder Addon CF7-autoresponder-addon allows DOM-Based XSS.This issue affects CF7 Auto Responder Addon: from n/a through <= 2.4.
7.7
CVE-2025-58959 - WordPress Taskbot plugin <= 6.4 - Arbitrary File Deletion vulnerability
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in AmentoTech Taskbot taskbot allows Path Traversal.This issue affects Taskbot: from n/a through <= 6.4.
8.1
CVE-2025-58958 - WordPress SmilePure Theme < 1.8.5 - Local File Inclusion Vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeMove SmilePure smilepure allows PHP Local File Inclusion.This issue affects SmilePure: from n/a through < 1.8.5.
8.1
CVE-2025-58955 - WordPress Karzo theme < 2.6 - Local File Inclusion vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in designervily Karzo karzo allows PHP Local File Inclusion.This issue affects Karzo: from n/a through < 2.6.
7.1
CVE-2025-58921 - WordPress WP Tactical Popup plugin <= 1.1 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Arevico WP Tactical Popup wp-tactical-popup allows Reflected XSS.This issue affects WP Tactical Popup: from n/a through <= 1.1.