6.4
CVE-2025-58962 - WordPress Publitio Plugin <= 2.2.1 - Server Side Request Forgery (SSRF) Vulnerability
Server-Side Request Forgery (SSRF) vulnerability in publitio Publitio publitio allows Server Side Request Forgery.This issue affects Publitio: from n/a through <= 2.2.1.
6.5
CVE-2025-58965 - WordPress Fusion Page Builder : Extension โ Gallery Plugin <= 1.7.6 - Cross Site Scripting (XSS) Vuโฆ
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Agency Dominion Inc. Fusion Page Builder : Extension – Gallery fusion-extension-gallery allows Stored XSS.This issue affects Fusion Page Builder : Extension – Gallery: from n/a through โฆ
5
CVE-2025-58968 - WordPress MaxiBlocks Plugin <= 2.1.3 - Broken Access Control Vulnerability
Missing Authorization vulnerability in Christiaan Pieterse MaxiBlocks maxi-blocks allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects MaxiBlocks: from n/a through <= 2.1.3.
5.3
CVE-2025-58969 - WordPress Custom Login URL Plugin <= 1.0.2 - Broken Access Control Vulnerability
Missing Authorization vulnerability in Greg Winiarski Custom Login URL custom-login-url allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Custom Login URL: from n/a through <= 1.0.2.
7.5
CVE-2025-58973 - WordPress Easy Elementor Addons Plugin <= 2.2.8 - Local File Inclusion Vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in hashthemes Easy Elementor Addons easy-elementor-addons allows PHP Local File Inclusion.This issue affects Easy Elementor Addons: from n/a through <= 2.2.8.
6.5
CVE-2025-58974 - WordPress WPComplete Plugin <= 2.9.5.2 - Cross Site Scripting (XSS) Vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in StellarWP WPComplete wpcomplete allows Stored XSS.This issue affects WPComplete: from n/a through <= 2.9.5.2.
6.5
CVE-2025-58992 - WordPress Product Catalog Simple Plugin <= 1.8.2 - Cross Site Scripting (XSS) Vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in impleCode Product Catalog Simple post-type-x allows Stored XSS.This issue affects Product Catalog Simple: from n/a through <= 1.8.2.
6.5
CVE-2025-59549 - WordPress GetResponse Forms Plugin <= 2.6.0 - Cross Site Scripting (XSS) Vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in fatcatapps GetResponse Forms getresponse allows Stored XSS.This issue affects GetResponse Forms: from n/a through <= 2.6.0.
4.3
CVE-2025-59551 - WordPress Revive.so Plugin <= 2.0.6 - Broken Access Control Vulnerability
Missing Authorization vulnerability in WP Chill Revive.so revive-so allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Revive.so: from n/a through <= 2.0.6.
6.5
CVE-2025-59552 - WordPress Save as PDF Plugin <= 4.5.2 - Cross Site Scripting (XSS) Vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Pdfcrowd Dev Team Save as PDF save-as-pdf-by-pdfcrowd allows Stored XSS.This issue affects Save as PDF: from n/a through <= 4.5.2.