5.9
CVE-2025-57982 - WordPress Advance Portfolio Grid plugin <= 1.07.6 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPBean Advance Portfolio Grid advance-portfolio-grid allows Stored XSS.This issue affects Advance Portfolio Grid: from n/a through <= 1.07.6.
6.5
CVE-2025-57983 - WordPress BP Disable Activation Reloaded Plugin <= 1.2.1 - Cross Site Request Forgery (CSRF) Vulnerβ¦
Cross-Site Request Forgery (CSRF) vulnerability in Damian BP Disable Activation Reloaded bp-disable-activation-reloaded allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects BP Disable Activation Reloaded: from n/a through <= 1.2.1.
4.4
CVE-2025-57984 - WordPress MakeStories (for Google Web Stories) Plugin <= 3.0.4 - Server Side Request Forgery (SSRF)β¦
Server-Side Request Forgery (SSRF) vulnerability in Pratik Ghela MakeStories (for Google Web Stories) makestories-helper allows Server Side Request Forgery.This issue affects MakeStories (for Google Web Stories): from n/a through <= 3.0.4.
4.3
CVE-2025-57985 - WordPress Ultimate Watermark Plugin <= 1.1 - Broken Access Control Vulnerability
Missing Authorization vulnerability in MantraBrain Ultimate Watermark ultimate-watermark allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Ultimate Watermark: from n/a through <= 1.1.
6.5
CVE-2025-57986 - WordPress WP Subtitle plugin <= 3.4.1 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in husani WP Subtitle wp-subtitle allows Stored XSS.This issue affects WP Subtitle: from n/a through <= 3.4.1.
5.3
CVE-2025-57987 - WordPress WP Events Manager Plugin <= 2.2.1 - Broken Access Control Vulnerability
Missing Authorization vulnerability in ThimPress WP Events Manager wp-events-manager allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Events Manager: from n/a through <= 2.2.1.
6.5
CVE-2025-57988 - WordPress Uncanny Toolkit for LearnDash Plugin <= 3.7.0.3 - Cross Site Scripting (XSS) Vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Uncanny Owl Uncanny Toolkit for LearnDash uncanny-learndash-toolkit allows Stored XSS.This issue affects Uncanny Toolkit for LearnDash: from n/a through <= 3.7.0.3.
6.5
CVE-2025-57989 - WordPress WordPress Widgets Shortcode Plugin <= 1.0.3 - Cross Site Scripting (XSS) Vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Brajesh Singh WordPress Widgets Shortcode wp-widgets-shortcode allows Stored XSS.This issue affects WordPress Widgets Shortcode: from n/a through <= 1.0.3.
5.4
CVE-2025-57990 - WordPress Blog Designer Plugin <= 3.1.8 - Broken Access Control Vulnerability
Missing Authorization vulnerability in solwininfotech Blog Designer blog-designer allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Blog Designer: from n/a through <= 3.1.8.
5.4
CVE-2025-57991 - WordPress Clariti Plugin <= 1.2.1 - Broken Access Control Vulnerability
Missing Authorization vulnerability in Clariti Clariti clariti allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Clariti: from n/a through <= 1.2.1.