7.1
CVE-2025-58855 - WordPress AP HoneyPot WordPress Plugin Plugin <= 1.4 - Cross Site Request Forgery (CSRF) Vulnerabilβ¦
Improper Neutralization of Formula Elements in a CSV File vulnerability in Denis V (Artprima) AP HoneyPot WordPress Plugin ap-honeypot allows Reflected XSS.This issue affects AP HoneyPot WordPress Plugin: from n/a through <= 1.4.
7.1
CVE-2025-58854 - WordPress Ultimate AJAX Login Plugin <= 1.2.1 - Cross Site Request Forgery (CSRF) Vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in Samer Bechara Ultimate AJAX Login ultimate-ajax-login allows Reflected XSS.This issue affects Ultimate AJAX Login: from n/a through <= 1.2.1.
7.1
CVE-2025-58853 - WordPress Popping Sidebars and Widgets Light Plugin <= 1.27 - Cross Site Request Forgery (CSRF) Vulβ¦
Cross-Site Request Forgery (CSRF) vulnerability in OTWthemes Popping Sidebars and Widgets Light popping-sidebars-and-widgets-light allows Reflected XSS.This issue affects Popping Sidebars and Widgets Light: from n/a through <= 1.27.
7.1
CVE-2025-58852 - WordPress MSTW League Manager Plugin <= 2.10 - Cross Site Request Forgery (CSRF) Vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in Mark O'Donnell MSTW League Manager mstw-league-manager allows Stored XSS.This issue affects MSTW League Manager: from n/a through <= 2.10.
6.5
CVE-2025-58851 - WordPress Boxed Content Plugin <= 1.0 - Cross Site Scripting (XSS) Vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in DigitalCourt Boxed Content boxed-content allows Stored XSS.This issue affects Boxed Content: from n/a through <= 1.0.
6.5
CVE-2025-58850 - WordPress Showpass WordPress Extension Plugin <= 4.0.3 - Cross Site Scripting (XSS) Vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in marcshowpass Showpass WordPress Extension showpass allows Stored XSS.This issue affects Showpass WordPress Extension: from n/a through <= 4.0.3.
7.1
CVE-2025-58849 - WordPress Hide Real Download Path Plugin <= 1.6 - Cross Site Request Forgery (CSRF) Vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in Deepak S Hide Real Download Path hide-real-download-path allows Stored XSS.This issue affects Hide Real Download Path: from n/a through <= 1.6.
7.1
CVE-2025-58848 - WordPress WP likes Plugin <= 3.1.1 - Cross Site Request Forgery (CSRF) Vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in aakash1911 WP likes wp-likes allows Reflected XSS.This issue affects WP likes: from n/a through <= 3.1.1.
7.1
CVE-2025-58847 - WordPress WN Flipbox Pro Plugin <= 2.1 - Cross Site Request Forgery (CSRF) Vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in Yaidier WN Flipbox Pro wn-flipbox-pro allows Reflected XSS.This issue affects WN Flipbox Pro: from n/a through <= 2.1.
7.1
CVE-2025-58846 - WordPress WordPress Buffer β HYPESocial. Social Media Auto Post, Social Media Auto Publish and Scheβ¦
Cross-Site Request Forgery (CSRF) vulnerability in Dejan Markovic WordPress Buffer β HYPESocial. Social Media Auto Post, Social Media Auto Publish and Schedule buffer-my-post allows Reflected XSS.This issue affects WordPress Buffer β HYPESocial. Social Media Auto Post, Social Media Auto Publish andβ¦