6.5
CVE-2025-9199 - Woo superb slideshow transition gallery with random effect <= 9.1 - Authenticated (Contributor+) SQ…
The Woo superb slideshow transition gallery with random effect plugin for WordPress is vulnerable to SQL Injection via the 'woo-superb-slideshow' shortcode in all versions up to, and including, 9.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the…
4.3
CVE-2025-10309 - PayPal Forms <= 1.0.3 - Cross-Site Request Forgery
The PayPal Forms plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.3. This is due to missing nonce validation on the form creation and management functions. This makes it possible for unauthenticated attackers to create new PayPal forms and m…
4.4
CVE-2025-10053 - TableGen – Data Table Generator <= 1.3.1 - Authenticated (Admin+) Stored Cross-Site Scripting
The TableGen – Data Table Generator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.3.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-lev…
6.4
CVE-2025-9206 - Meks Easy Maps <= 2.1.4 - Authenticated (Contributor+) Stored Cross-Site Scripting
The Meks Easy Maps plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the post title field in all versions up to, and including, 2.1.4. This is due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attacker…
6.4
CVE-2025-9080 - Generic Elements <= 1.2.8 - Authenticated (Contributor+) Stored Cross-Site Scripting
The Generic Elements plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple widget fields in version 1.2.8 and earlier. This is due to insufficient input sanitization and output escaping on user-supplied attributes. This makes it possible for authenticated attackers, with co…
6.4
CVE-2025-9854 - A Simple Multilanguage Plugin <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting
The A Simple Multilanguage Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'asmp-switcher' shortcode in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for…
4.3
CVE-2025-9945 - Optimize More! – CSS <= 1.0.3 - Cross-Site Request Forgery to Plugin Settings Reset
The Optimize More! – CSS plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.3. This is due to missing or incorrect nonce validation on the reset_plugin function. This makes it possible for unauthenticated attackers to reset the plugin's optimi…
3.8
CVE-2025-10306 - Backup Bolt <= 1.4.1 - Authenticated (Admin+) Arbitrary File Download
The Backup Bolt plugin for WordPress is vulnerable to arbitrary file downloads and backup location writes in all versions up to, and including, 1.4.1 via the process_backup_batch() function. This makes it possible for authenticated attackers, with Administrator-level access and above, to download d…
6.4
CVE-2025-10192 - WP Photo Effects <= 1.2.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
The WP Photo Effects plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'wppe_effect' shortcode in all versions up to, and including, 1.2.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticate…
6.1
CVE-2025-9884 - Mobile Site Redirect <= 1.2.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting
The Mobile Site Redirect plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.2.1. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to update settings and inject malicious web…