6.5
CVE-2025-58237 - WordPress LC Wizard plugin <= 2.2.4 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Niaj Morshed LC Wizard ghl-wizard allows Stored XSS.This issue affects LC Wizard: from n/a through <= 2.2.4.
6.5
CVE-2025-58238 - WordPress PilotPress Plugin <= 2.0.36 - Cross Site Scripting (XSS) Vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ONTRAPORT PilotPress pilotpress allows Stored XSS.This issue affects PilotPress: from n/a through <= 2.0.36.
6.5
CVE-2025-58239 - WordPress WP Category Dropdown Plugin <= 1.9 - Cross Site Scripting (XSS) Vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Chandrika Sista WP Category Dropdown wp-category-dropdown allows Stored XSS.This issue affects WP Category Dropdown: from n/a through <= 1.9.
6.5
CVE-2025-58240 - WordPress xili-tidy-tags Plugin <= 1.12.06 - Cross Site Scripting (XSS) Vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Michel - xiligroup dev xili-tidy-tags xili-tidy-tags allows Stored XSS.This issue affects xili-tidy-tags: from n/a through <= 1.12.06.
6.5
CVE-2025-58241 - WordPress SnapWidget Social Photo Feed Widget Plugin <= 1.1.0 - Cross Site Scripting (XSS) Vulnerabβ¦
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in snapwidget SnapWidget Social Photo Feed Widget snapwidget-wp-instagram-widget allows DOM-Based XSS.This issue affects SnapWidget Social Photo Feed Widget: from n/a through <= 1.1.0.
6.5
CVE-2025-58242 - WordPress Bg Church Memos Plugin <= 1.1 - Cross Site Scripting (XSS) Vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Vadim Bogaiskov Bg Church Memos bg-church-memos allows DOM-Based XSS.This issue affects Bg Church Memos: from n/a through <= 1.1.
5.9
CVE-2025-58245 - WordPress Portfolio Plugin <= 2.58 - Cross Site Scripting (XSS) Vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in bestweblayout Portfolio portfolio allows DOM-Based XSS.This issue affects Portfolio : from n/a through <= 2.58.
8.8
CVE-2025-58244 - WordPress Constructo Theme <= 4.3.9 - Cross Site Request Forgery (CSRF) Vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in Anps Constructo constructo allows Object Injection.This issue affects Constructo: from n/a through <= 4.3.9.
5.3
CVE-2025-58247 - WordPress TI WooCommerce Wishlist plugin <= 2.10.0 - Broken Access Control vulnerability
Missing Authorization vulnerability in templateinvaders TI WooCommerce Wishlist ti-woocommerce-wishlist allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects TI WooCommerce Wishlist: from n/a through <= 2.10.0.
6.5
CVE-2025-58248 - WordPress Pinterest Pinboard Widget Plugin <= 1.0.7 - Cross Site Scripting (XSS) Vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in codefish Pinterest Pinboard Widget pinterest-pinboard-widget allows Stored XSS.This issue affects Pinterest Pinboard Widget: from n/a through <= 1.0.7.