5.9
CVE-2025-53464 - WordPress WP Mailto Links Plugin <= 3.1.4 - Cross Site Scripting (XSS) Vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Online Optimisation WP Mailto Links wp-mailto-links allows Stored XSS.This issue affects WP Mailto Links: from n/a through <= 3.1.4.
7.2
CVE-2025-53465 - WordPress GSheets Connector Plugin <= 1.1.1 - PHP Object Injection Vulnerability
Deserialization of Untrusted Data vulnerability in raoinfotech GSheets Connector sheetlink allows Object Injection.This issue affects GSheets Connector: from n/a through <= 1.1.1.
5.9
CVE-2025-53466 - WordPress Better Find and Replace Plugin <= 1.7.6 - Cross Site Scripting (XSS) Vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CodeSolz Better Find and Replace real-time-auto-find-and-replace allows Stored XSS.This issue affects Better Find and Replace: from n/a through <= 1.7.6.
5.9
CVE-2025-53467 - WordPress Login-Logout Plugin <= 3.8 - Cross Site Scripting (XSS) Vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in webvitaly Login-Logout login-logout allows Stored XSS.This issue affects Login-Logout: from n/a through <= 3.8.
8.5
CVE-2025-53468 - WordPress Wp tabber widget Plugin <= 4.0 - SQL Injection Vulnerability
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in [email protected] Wp tabber widget wp-tabber-widget allows SQL Injection.This issue affects Wp tabber widget: from n/a through <= 4.0.
5.9
CVE-2025-53469 - WordPress BMI Adult & Kid Calculator Plugin <= 1.2.2 - Cross Site Scripting (XSS) Vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Mortgage Calculator BMI Adult & Kid Calculator bmi-adultkid-calculator allows Stored XSS.This issue affects BMI Adult & Kid Calculator: from n/a through <= 1.2.2.
6.5
CVE-2025-53570 - WordPress DELUCKS SEO plugin <= 2.7.2 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in DELUCKS DELUCKS SEO delucks-seo allows Stored XSS.This issue affects DELUCKS SEO: from n/a through <= 2.7.2.
6.5
CVE-2025-57898 - WordPress WP Frontend Admin plugin <= 1.22.7 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Jose Vega WP Frontend Admin display-admin-page-on-frontend allows Stored XSS.This issue affects WP Frontend Admin: from n/a through <= 1.22.7.
5.3
CVE-2025-57899 - WordPress WP Compress Plugin <= 6.50.54 - Broken Access Control Vulnerability
Missing Authorization vulnerability in AresIT WP Compress wp-compress-image-optimizer allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects WP Compress: from n/a through <= 6.50.54.
6.5
CVE-2025-57900 - WordPress GutenKit Plugin <= 2.4.2 - Cross Site Scripting (XSS) Vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ataur R GutenKit gutenkit-blocks-addon allows Stored XSS.This issue affects GutenKit: from n/a through <= 2.4.2.