5.9
CVE-2025-58033 - WordPress Draft Plugin <= 3.0.9 - Cross Site Scripting (XSS) Vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in leeshadle Draft website-builder allows Stored XSS.This issue affects Draft: from n/a through <= 3.0.9.
4.3
CVE-2025-58199 - WordPress Fastly plugin <= 1.2.28 - Cross Site Request Forgery (CSRF) vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in Fastly Fastly fastly allows Cross Site Request Forgery.This issue affects Fastly: from n/a through <= 1.2.28.
4.3
CVE-2025-58200 - WordPress Flexible FAQ Plugin <= 0.2 - Cross Site Request Forgery (CSRF) Vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in Bage Flexible FAQ flexible-faq allows Cross Site Request Forgery.This issue affects Flexible FAQ: from n/a through <= 0.2.
4.3
CVE-2025-58219 - WordPress Show Pages List Plugin <= 1.2.0 - Cross Site Request Forgery (CSRF) Vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in LIJE Show Pages List show-pages-list allows Cross Site Request Forgery.This issue affects Show Pages List: from n/a through <= 1.2.0.
6.5
CVE-2025-58220 - WordPress Card Elements for WPBakery plugin <= 1.0.9 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Techeshta Card Elements for WPBakery card-elements-for-wpbakery allows DOM-Based XSS.This issue affects Card Elements for WPBakery: from n/a through <= 1.0.9.
4.3
CVE-2025-58221 - WordPress PilotPress Plugin <= 2.0.36 - Broken Access Control Vulnerability
Missing Authorization vulnerability in ONTRAPORT PilotPress pilotpress allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects PilotPress: from n/a through <= 2.0.36.
5.3
CVE-2025-58222 - WordPress Team Manager plugin <= 2.5.1 - Broken Access Control vulnerability
Missing Authorization vulnerability in Maidul Team Manager wp-team-manager allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Team Manager: from n/a through <= 2.5.1.
5.4
CVE-2025-58224 - WordPress Printeers Print & Ship Plugin <= 1.17.0 - Cross Site Request Forgery (CSRF) Vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in Printeers Printeers Print & Ship invition-print-ship allows Cross Site Request Forgery.This issue affects Printeers Print & Ship: from n/a through <= 1.17.0.
5.9
CVE-2025-58223 - WordPress VoucherPress Plugin <= 1.5.7 - Cross Site Scripting (XSS) Vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Chris Taylor VoucherPress voucherpress allows Stored XSS.This issue affects VoucherPress: from n/a through <= 1.5.7.
5.3
CVE-2025-58226 - WordPress 3D FlipBook β PDF Flipbook Viewer, Flipbook Image Gallery Plugin <= 1.16.16 - Sensitive Dβ¦
Insertion of Sensitive Information Into Sent Data vulnerability in iberezansky 3D FlipBook β PDF Flipbook Viewer, Flipbook Image Gallery interactive-3d-flipbook-powered-physics-engine allows Retrieve Embedded Sensitive Data.This issue affects 3D FlipBook β PDF Flipbook Viewer, Flipbook Image Gallerβ¦