4.3
CVE-2025-58249 - WordPress Qubely Plugin <= 1.8.14 - Sensitive Data Exposure Vulnerability
Insertion of Sensitive Information Into Sent Data vulnerability in Themeum Qubely qubely allows Retrieve Embedded Sensitive Data.This issue affects Qubely: from n/a through <= 1.8.14.
8.8
CVE-2025-58250 - WordPress Findgo Theme <= 1.3.55 - Cross Site Request Forgery (CSRF) Vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in ApusTheme Findgo fingo allows Authentication Bypass.This issue affects Findgo: from n/a through <= 1.3.55.
4.3
CVE-2025-58251 - WordPress Sticky Header Effects for Elementor Plugin <= 2.1.2 - Broken Access Control Vulnerability
Missing Authorization vulnerability in POSIMYTH Sticky Header Effects for Elementor sticky-header-effects-for-elementor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Sticky Header Effects for Elementor: from n/a through <= 2.1.2.
4.3
CVE-2025-58252 - WordPress Getwid Plugin <= 2.1.2 - Sensitive Data Exposure Vulnerability
Insertion of Sensitive Information Into Sent Data vulnerability in jetmonsters Getwid getwid allows Retrieve Embedded Sensitive Data.This issue affects Getwid: from n/a through <= 2.1.2.
6.5
CVE-2025-58253 - WordPress Real Estate Manager Plugin <= 7.3 - Cross Site Scripting (XSS) Vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Rameez Iqbal Real Estate Manager real-estate-manager allows DOM-Based XSS.This issue affects Real Estate Manager: from n/a through <= 7.3.
6.5
CVE-2025-58254 - WordPress StylePress for Elementor Plugin <= 1.2.1 - Cross Site Scripting (XSS) Vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in dtbaker StylePress for Elementor full-site-builder-for-elementor allows Stored XSS.This issue affects StylePress for Elementor: from n/a through <= 1.2.1.
9.6
CVE-2025-58255 - WordPress Custom Post Type Images Plugin <= 0.5 - Cross Site Request Forgery (CSRF) Vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in yonisink Custom Post Type Images custom-post-types-image allows Code Injection.This issue affects Custom Post Type Images: from n/a through <= 0.5.
5.9
CVE-2025-58256 - WordPress DOAJ Export Plugin <= 1.0.4 - Cross Site Scripting (XSS) Vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Jonathan Brinley DOAJ Export doaj-export allows Stored XSS.This issue affects DOAJ Export: from n/a through <= 1.0.4.
6.5
CVE-2025-58257 - WordPress Verowa Connect plugin <= 3.2.3 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Picture-Planet GmbH Verowa Connect verowa-connect allows Stored XSS.This issue affects Verowa Connect: from n/a through <= 3.2.3.
4.3
CVE-2025-58258 - WordPress Lazy Blocks Plugin <= 4.1.0 - Broken Access Control Vulnerability
Missing Authorization vulnerability in nK Lazy Blocks lazy-blocks allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Lazy Blocks: from n/a through <= 4.1.0.