7.1
CVE-2025-58259 - WordPress Nokri Theme <= 1.6.4 - Cross Site Request Forgery (CSRF) Vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in scriptsbundle Nokri nokri allows Cross Site Request Forgery.This issue affects Nokri: from n/a through <= 1.6.4.
6.5
CVE-2025-58260 - WordPress Highlight and Share β Social Text and Image Sharing plugin <= 5.1.1 - Cross Site Scriptinβ¦
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ronald Huereca Highlight and Share highlight-and-share allows Stored XSS.This issue affects Highlight and Share: from n/a through <= 5.1.1.
7.1
CVE-2025-58261 - WordPress Mavis HTTPS to HTTP Redirection Plugin <= 1.4.3 - Cross Site Request Forgery (CSRF) Vulneβ¦
Cross-Site Request Forgery (CSRF) vulnerability in PressPage Entertainment Inc Mavis HTTPS to HTTP Redirection mavis-https-to-http-redirect allows Stored XSS.This issue affects Mavis HTTPS to HTTP Redirection: from n/a through <= 1.4.3.
7.1
CVE-2025-58262 - WordPress Sweet Energy Efficiency plugin <= 1.0.8 - Cross Site Request Forgery (CSRF) vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in WPDirectoryKit Sweet Energy Efficiency sweet-energy-efficiency allows Stored XSS.This issue affects Sweet Energy Efficiency: from n/a through <= 1.0.8.
6.5
CVE-2025-58263 - WordPress BuddyPress Notification Widget Plugin <= 1.3.3 - Cross Site Scripting (XSS) Vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in BuddyDev BuddyPress Notification Widget buddypress-notifications-widget allows Stored XSS.This issue affects BuddyPress Notification Widget: from n/a through <= 1.3.3.
6.5
CVE-2025-58264 - WordPress JupiterX Core Plugin <= 4.11.0 - Cross Site Scripting (XSS) Vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in artbees JupiterX Core jupiterx-core allows Stored XSS.This issue affects JupiterX Core: from n/a through <= 4.11.0.
6.5
CVE-2025-58265 - WordPress Events Manager β OpenStreetMaps Plugin <= 4.2.1 - Cross Site Scripting (XSS) Vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Stonehenge Creations Events Manager – OpenStreetMaps stonehenge-em-osm allows Stored XSS.This issue affects Events Manager – OpenStreetMaps: from n/a through <= 4.2.1.
5.9
CVE-2025-58266 - WordPress Gianism plugin <= 6.0.0 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Fumiki Takahashi Gianism gianism allows Stored XSS.This issue affects Gianism: from n/a through <= 6.0.0.
7.1
CVE-2025-58267 - WordPress Stock Message Plugin <= 1.1.0 - Cross Site Request Forgery (CSRF) Vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in Aftabul Islam Stock Message stock-message allows Stored XSS.This issue affects Stock Message: from n/a through <= 1.1.0.
7.1
CVE-2025-58268 - WordPress WPMK PDF Generator Plugin <= 1.0.1 - Cross Site Request Forgery (CSRF) Vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in WPMK WPMK PDF Generator wpmk-pdf-generator allows Stored XSS.This issue affects WPMK PDF Generator: from n/a through <= 1.0.1.