6.5
CVE-2025-59587 - WordPress Penci Shortcodes & Performance Plugin < 6.1 - Cross Site Scripting (XSS) Vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in PenciDesign Penci Shortcodes & Performance penci-shortcodes allows DOM-Based XSS.This issue affects Penci Shortcodes & Performance: from n/a through < 6.1.
7.5
CVE-2025-59588 - WordPress Soledad Theme <= 8.6.8 - Local File Inclusion Vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in PenciDesign Soledad soledad allows PHP Local File Inclusion.This issue affects Soledad: from n/a through <= 8.6.8.
5.9
CVE-2025-59590 - WordPress Media Library Assistant Plugin <= 3.28 - Cross Site Scripting (XSS) Vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in David Lingren Media LIbrary Assistant media-library-assistant allows Stored XSS.This issue affects Media LIbrary Assistant: from n/a through <= 3.28.
6.5
CVE-2025-59589 - WordPress Soledad Theme <= 8.6.8 - Cross Site Scripting (XSS) Vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in PenciDesign Soledad soledad allows DOM-Based XSS.This issue affects Soledad: from n/a through <= 8.6.8.
4.3
CVE-2025-59591 - WordPress wpDiscuz Plugin <= 7.6.33 - Broken Access Control Vulnerability
Missing Authorization vulnerability in AdvancedCoding wpDiscuz wpdiscuz allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects wpDiscuz: from n/a through <= 7.6.33.
6.5
CVE-2025-59592 - WordPress Make Column Clickable Elementor Plugin <= 1.6.0 - Cross Site Scripting (XSS) Vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Fernando Acosta Make Column Clickable Elementor make-column-clickable-elementor allows Stored XSS.This issue affects Make Column Clickable Elementor: from n/a through <= 1.6.0.
7.5
CVE-2025-53450 - WordPress Easy Pricing Table WP Plugin <= 1.1.3 - Local File Inclusion Vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Pluginwale Easy Pricing Table WP easy-pricing-table-wp allows PHP Local File Inclusion.This issue affects Easy Pricing Table WP: from n/a through <= 1.1.3.
4.3
CVE-2025-53452 - WordPress Event Rocket Plugin <= 3.3 - Broken Access Control Vulnerability
Missing Authorization vulnerability in Barry Event Rocket event-rocket allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Event Rocket: from n/a through <= 3.3.
5.4
CVE-2025-53451 - WordPress Mihdan: No External Links Plugin <= 5.1.6.2 - Cross Site Request Forgery (CSRF) Vulnerabiβ¦
Cross-Site Request Forgery (CSRF) vulnerability in mihdan Mihdan: No External Links mihdan-no-external-links allows Cross Site Request Forgery.This issue affects Mihdan: No External Links: from n/a through <= 5.1.6.2.
6.5
CVE-2025-53454 - WordPress Ultimate WP Mail Plugin <= 1.3.8 - Cross Site Scripting (XSS) Vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Rustaurius Ultimate WP Mail ultimate-wp-mail allows Stored XSS.This issue affects Ultimate WP Mail: from n/a through <= 1.3.8.