6.5
CVE-2025-58002 - WordPress GD bbPress Tools plugin <= 3.5.3 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Milan Petrovic GD bbPress Tools gd-bbpress-tools allows DOM-Based XSS.This issue affects GD bbPress Tools: from n/a through <= 3.5.3.
5.3
CVE-2025-58003 - WordPress Javo Core Plugin <= 3.0.0.266 - Broken Access Control Vulnerability
Missing Authorization vulnerability in javothemes Javo Core javo-core allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Javo Core: from n/a through <= 3.0.0.266.
5.3
CVE-2025-58004 - WordPress DriCub Theme <= 2.9 - Broken Access Control Vulnerability
Missing Authorization vulnerability in SmartDataSoft DriCub dricub-driving-school allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects DriCub: from n/a through <= 2.9.
5.4
CVE-2025-58005 - WordPress DriCub Theme <= 2.9 - Server Side Request Forgery (SSRF) Vulnerability
Server-Side Request Forgery (SSRF) vulnerability in SmartDataSoft DriCub dricub-driving-school allows Server Side Request Forgery.This issue affects DriCub: from n/a through <= 2.9.
4.7
CVE-2025-58006 - WordPress WP Gravity Forms Keap/Infusionsoft plugin <= 1.2.6 - Open Redirection vulnerability
URL Redirection to Untrusted Site ('Open Redirect') vulnerability in CRM Perks WP Gravity Forms Keap/Infusionsoft gf-infusionsoft allows Phishing.This issue affects WP Gravity Forms Keap/Infusionsoft: from n/a through <= 1.2.6.
4.3
CVE-2025-58007 - WordPress Social Pug Plugin <= 1.35.2 - Sensitive Data Exposure Vulnerability
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in NerdPress Hubbub Lite social-pug allows Retrieve Embedded Sensitive Data.This issue affects Hubbub Lite: from n/a through <= 1.35.2.
6.5
CVE-2025-58008 - WordPress Participants Database Plugin <= 2.7.6.3 - Cross Site Scripting (XSS) Vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in xnau webdesign Participants Database participants-database allows Stored XSS.This issue affects Participants Database: from n/a through <= 2.7.6.3.
3.8
CVE-2025-58009 - WordPress CP Multi View Event Calendar plugin <= 1.4.36 - Broken Access Control vulnerability
Missing Authorization vulnerability in codepeople CP Multi View Event Calendar cp-multi-view-calendar allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects CP Multi View Event Calendar : from n/a through <= 1.4.36.
4.3
CVE-2025-58010 - WordPress SV Proven Expert Plugin <= 2.0.06 - Cross Site Request Forgery (CSRF) Vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in straightvisions GmbH SV Proven Expert sv-provenexpert allows Cross Site Request Forgery.This issue affects SV Proven Expert: from n/a through <= 2.0.06.
6.4
CVE-2025-58011 - WordPress Content Mask plugin <= 1.8.5.2 - Server Side Request Forgery (SSRF) vulnerability
Server-Side Request Forgery (SSRF) vulnerability in Alex Content Mask content-mask allows Server Side Request Forgery.This issue affects Content Mask: from n/a through <= 1.8.5.2.