6.5
CVE-2025-58022 - WordPress ShortCode Plugin <= 0.8.1 - Cross Site Scripting (XSS) Vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in maxpagels ShortCode shortcode allows Stored XSS.This issue affects ShortCode: from n/a through <= 0.8.1.
6.5
CVE-2025-58023 - WordPress Genealogical Tree plugin <= 2.2.8 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in akdevs Genealogical Tree genealogical-tree allows Stored XSS.This issue affects Genealogical Tree: from n/a through <= 2.2.8.
6.5
CVE-2025-58025 - WordPress Master Slider Plugin <= 3.11.0 - Cross Site Scripting (XSS) Vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in averta Master Slider master-slider allows Stored XSS.This issue affects Master Slider: from n/a through <= 3.11.0.
6.5
CVE-2025-58026 - WordPress Termageddon: Cookie Consent & Privacy Compliance Plugin <= 1.8.1 - Cross Site Scripting (β¦
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in termageddon Termageddon: Cookie Consent & Privacy Compliance termageddon-usercentrics allows Stored XSS.This issue affects Termageddon: Cookie Consent & Privacy Compliance: from n/a through <= 1.8.β¦
6.5
CVE-2025-58027 - WordPress NGG Smart Image Search Plugin <= 3.4.3 - Cross Site Scripting (XSS) Vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wpo-HR NGG Smart Image Search ngg-smart-image-search allows Stored XSS.This issue affects NGG Smart Image Search: from n/a through <= 3.4.3.
6.5
CVE-2025-58028 - WordPress Designil PDPA Thailand plugin <= 2.0.1 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Aum Watcharapon Designil PDPA Thailand pdpa-thailand allows Stored XSS.This issue affects Designil PDPA Thailand: from n/a through <= 2.0.1.
5.3
CVE-2025-58029 - WordPress Classic Widgets with Block-based Widgets Plugin <= 1.0.1 - Broken Access Control Vulnerabβ¦
Missing Authorization vulnerability in Sumit Singh Classic Widgets with Block-based Widgets classic-widgets-with-block-based-widgets allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Classic Widgets with Block-based Widgets: from n/a through <= 1.0.1.
6.5
CVE-2025-58030 - WordPress Page-list Plugin <= 5.8 - Cross Site Scripting (XSS) Vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in webvitaly Page-list page-list allows Stored XSS.This issue affects Page-list: from n/a through <= 5.8.
6.5
CVE-2025-58031 - WordPress Nextend Facebook Connect Plugin <= 3.1.19 - Cross Site Scripting (XSS) Vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Nextendweb Nextend Facebook Connect nextend-facebook-connect allows Stored XSS.This issue affects Nextend Facebook Connect : from n/a through <= 3.1.19.
4.3
CVE-2025-58032 - WordPress WP Compiler Plugin <= 1.0.0 - Cross Site Request Forgery (CSRF) Vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in Bytes.co WP Compiler wp-compiler allows Cross Site Request Forgery.This issue affects WP Compiler: from n/a through <= 1.0.0.