5.3
CVE-2025-57921 - WordPress Frontend File Manager plugin <= 23.3 - Broken Access Control vulnerability
Missing Authorization vulnerability in N-Media Frontend File Manager nmedia-user-file-uploader allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Frontend File Manager: from n/a through <= 23.3.
5.3
CVE-2025-57922 - WordPress EnvΓos Coordinadora Woocommerce plugin <= 1.1.32 - Sensitive Data Exposure vulnerability
Insertion of Sensitive Information Into Sent Data vulnerability in Coordinadora Mercantil S.A. EnvΓos Coordinadora Woocommerce coordinadora allows Retrieve Embedded Sensitive Data.This issue affects EnvΓos Coordinadora Woocommerce: from n/a through <= 1.1.32.
5.3
CVE-2025-57923 - WordPress UK Address Postcode Validation plugin <= 3.9.2 - Sensitive Data Exposure vulnerability
Insertion of Sensitive Information Into Sent Data vulnerability in Ideal Postcodes UK Address Postcode Validation uk-address-postcode-validation allows Retrieve Embedded Sensitive Data.This issue affects UK Address Postcode Validation: from n/a through <= 3.9.2.
4.3
CVE-2025-57924 - WordPress Developer Plugin <= 1.2.6 - Cross Site Request Forgery (CSRF) Vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in Automattic Developer developer allows Cross Site Request Forgery.This issue affects Developer: from n/a through <= 1.2.6.
7.5
CVE-2025-57925 - WordPress immonex Kickstart Team Plugin <= 1.6.9 - Local File Inclusion Vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in immonex immonex Kickstart Team immonex-kickstart-team allows PHP Local File Inclusion.This issue affects immonex Kickstart Team: from n/a through <= 1.6.9.
6.5
CVE-2025-57926 - WordPress Passster Plugin <= 4.2.18 - Cross Site Scripting (XSS) Vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WP Chill Passster content-protector allows Stored XSS.This issue affects Passster: from n/a through <= 4.2.18.
4.3
CVE-2025-57927 - WordPress Dashboard Notepad Plugin <= 1.42 - Cross Site Request Forgery (CSRF) Vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in Stephanie Leary Dashboard Notepad dashboard-notepad allows Cross Site Request Forgery.This issue affects Dashboard Notepad: from n/a through <= 1.42.
5.3
CVE-2025-57928 - WordPress AWP Classifieds plugin <= 4.4.3 - Content Injection vulnerability
Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in Strategy11 Team AWP Classifieds another-wordpress-classifieds-plugin allows Code Injection.This issue affects AWP Classifieds: from n/a through <= 4.4.3.
5.9
CVE-2025-57929 - WordPress Double the Donation Plugin <= 2.0.0 - Cross Site Scripting (XSS) Vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in kanwei_doublethedonation Double the Donation double-the-donation allows Stored XSS.This issue affects Double the Donation: from n/a through <= 2.0.0.
4.3
CVE-2025-57930 - WordPress Double the Donation Plugin <= 2.0.0 - Cross Site Request Forgery (CSRF) Vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in kanwei_doublethedonation Double the Donation double-the-donation allows Cross Site Request Forgery.This issue affects Double the Donation: from n/a through <= 2.0.0.