6.5
CVE-2025-58227 - WordPress Podlove Subscribe button Plugin <= 1.3.11 - Cross Site Scripting (XSS) Vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Alexander Lueken Podlove Subscribe button podlove-subscribe-button allows Stored XSS.This issue affects Podlove Subscribe button: from n/a through <= 1.3.11.
6.5
CVE-2025-58228 - WordPress Quick View for WooCommerce Plugin <= 2.2.16 - Cross Site Scripting (XSS) Vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ShapedPlugin LLC Quick View for WooCommerce woo-quickview allows Stored XSS.This issue affects Quick View for WooCommerce: from n/a through <= 2.2.16.
6.5
CVE-2025-58229 - WordPress Sitekit Plugin <= 2.0 - Cross Site Scripting (XSS) Vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in webvitaly Sitekit sitekit allows Stored XSS.This issue affects Sitekit: from n/a through <= 2.0.
6.5
CVE-2025-58230 - WordPress ZoloBlocks plugin <= 2.3.12 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in bdthemes ZoloBlocks zoloblocks allows DOM-Based XSS.This issue affects ZoloBlocks: from n/a through <= 2.3.12.
6.5
CVE-2025-58231 - WordPress Bitly plugin <= 2.8.0 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in bitlydeveloper Bitly wp-bitly allows Stored XSS.This issue affects Bitly: from n/a through <= 2.8.0.
6.5
CVE-2025-58232 - WordPress Image Editor by Pixo Plugin <= 2.3.8 - Cross Site Scripting (XSS) Vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ickata Image Editor by Pixo image-editor-by-pixo allows DOM-Based XSS.This issue affects Image Editor by Pixo: from n/a through <= 2.3.8.
6.5
CVE-2025-58233 - WordPress SQL Chart Builder Plugin <= 2.3.7.2 - Cross Site Scripting (XSS) Vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Guaven Labs SQL Chart Builder sql-chart-builder allows DOM-Based XSS.This issue affects SQL Chart Builder: from n/a through <= 2.3.7.2.
6.5
CVE-2025-58234 - WordPress JS Job Manager Plugin <= 2.0.2 - Cross Site Scripting (XSS) Vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in JoomSky JS Job Manager js-jobs allows Stored XSS.This issue affects JS Job Manager: from n/a through <= 2.0.2.
6.5
CVE-2025-58235 - WordPress Front End Users plugin <= 3.2.35 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Rustaurius Front End Users front-end-only-users allows Stored XSS.This issue affects Front End Users: from n/a through <= 3.2.35.
4.3
CVE-2025-58236 - WordPress Force Update Translations plugin <= 0.5 - Cross Site Request Forgery (CSRF) vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in Mayo Moriyama Force Update Translations force-update-translations allows Cross Site Request Forgery.This issue affects Force Update Translations: from n/a through <= 0.5.