7.1
CVE-2025-22651 - WordPress Stylish Google Sheet Reader plugin <= 4.0 - Reflected Cross Site Scripting (XSS) vulnerabβ¦
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wppluginboxdev Stylish Google Sheet Reader allows Reflected XSS. This issue affects Stylish Google Sheet Reader: from n/a through 4.0.
9.3
CVE-2025-22655 - WordPress CWD - Stealth Links plugin <= 1.3 - SQL Injection vulnerability
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Caio Web Dev CWD β Stealth Links allows SQL Injection. This issue affects CWD β Stealth Links: from n/a through 1.3.
7.1
CVE-2025-22692 - WordPress Sponsered Link plugin <= 4.0 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in rachanaS Sponsered Link allows Reflected XSS. This issue affects Sponsered Link: from n/a through 4.0.
6.5
CVE-2025-22771 - WordPress The Great Firewords of China plugin <= 1.2 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Studio Hyperset The Great Firewords of China allows Stored XSS. This issue affects The Great Firewords of China: from n/a through 1.2.
7.1
CVE-2025-22774 - WordPress CRUDLab Scroll to Top Plugin <= 1.0.1 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CRUDLab CRUDLab Scroll to Top allows Reflected XSS. This issue affects CRUDLab Scroll to Top: from n/a through 1.0.1.
7.1
CVE-2025-22796 - WordPress WP-Asambleas Plugin <= 2.85.0 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in platcom WP-Asambleas allows Reflected XSS. This issue affects WP-Asambleas: from n/a through 2.85.0.
7.5
CVE-2025-26968 - WordPress Cloak Front End Email <= 1.9.5 - Broken Access Control Vulnerability
Missing Authorization vulnerability in webbernaut Cloak Front End Email allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Cloak Front End Email: from n/a through 1.9.5.
7.1
CVE-2025-39414 - WordPress spam-stopper plugin <= 3.1.3 - CSRF to Stored XSS vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in Mike spam-stopper allows Stored XSS. This issue affects spam-stopper: from n/a through 3.1.3.
7.1
CVE-2025-39415 - WordPress Social Media Links plugin <= 1.0.3 - CSRF to Stored XSS vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in Jayesh Parejiya Social Media Links allows Stored XSS. This issue affects Social Media Links: from n/a through 1.0.3.
7.1
CVE-2025-39416 - WordPress translit it! plugin <= 1.6 - CSRF to Stored XSS vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in Ichi translit it! allows Stored XSS. This issue affects translit it!: from n/a through 1.6.