7.1
CVE-2025-31392 - WordPress Smart Product Gallery Slider plugin <= 1.0.4 - CSRF to Stored XSS vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in Shameem Reza Smart Product Gallery Slider allows Cross Site Request Forgery. This issue affects Smart Product Gallery Slider: from n/a through 1.0.4.
7.1
CVE-2025-31393 - WordPress Social Bookmarking RELOADED plugin <= 3.18 - CSRF to Stored XSS vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in vfvalent Social Bookmarking RELOADED allows Stored XSS. This issue affects Social Bookmarking RELOADED: from n/a through 3.18.
7.1
CVE-2025-31394 - WordPress More Mime Type Filters plugin <= 0.3 - CSRF to Stored XSS vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Kailey (trepmal) More Mime Type Filters allows Stored XSS. This issue affects More Mime Type Filters: from n/a through 0.3.
7.1
CVE-2025-31395 - WordPress Easy Custom CSS plugin <= 1.0 - CSRF to Stored XSS vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in a.ankit Easy Custom CSS allows Stored XSS. This issue affects Easy Custom CSS: from n/a through 1.0.
7.1
CVE-2025-31399 - WordPress CG Scroll To Top plugin <= 3.5 - CSRF to Stored XSS vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in Chandan Garg CG Scroll To Top allows Stored XSS. This issue affects CG Scroll To Top: from n/a through 3.5.
7.1
CVE-2025-31400 - WordPress WS Audio Player plugin <= 1.1.8 - CSRF to Stored XSS vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in icyleaf WS Audio Player allows Stored XSS. This issue affects WS Audio Player: from n/a through 1.1.8.
7.1
CVE-2025-31401 - WordPress MMX โ Make Me Christmas plugin <= 1.0.0 - CSRF to Stored XSS vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in mmetrodw MMX – Make Me Christmas allows Stored XSS. This issue affects MMX – Make Me Christmas: from n/a through 1.0.0.
7.1
CVE-2025-31402 - WordPress NewsBoard Post and RSS Scroller plugin <= 1.2.12 - CSRF to Stored XSS vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in NewsBoard Plugin NewsBoard Post and RSS Scroller allows Stored XSS. This issue affects NewsBoard Post and RSS Scroller: from n/a through 1.2.12.
7.1
CVE-2025-31404 - WordPress AF Tell a Friend plugin <= 1.4 - CSRF to Stored XSS vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in Wladyslaw Madejczyk AF Tell a Friend allows Stored XSS. This issue affects AF Tell a Friend: from n/a through 1.4.
7.1
CVE-2025-32476 - WordPress Advanced Tag Lists plugin <= 1.2 - CSRF to Stored XSS vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in blueinstyle Advanced Tag Lists allows Stored XSS. This issue affects Advanced Tag Lists: from n/a through 1.2.