7.1
CVE-2025-58845 - WordPress Bulk Watermark Plugin <= 1.6.10 - Cross Site Request Forgery (CSRF) Vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in ChrisHurst Bulk Watermark bulk-watermark allows Reflected XSS.This issue affects Bulk Watermark: from n/a through <= 1.6.10.
7.1
CVE-2025-58844 - WordPress Database to Excel Plugin <= 1.0 - Cross Site Request Forgery (CSRF) Vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in Subhash Kumar Database to Excel database-to-excel allows Stored XSS.This issue affects Database to Excel: from n/a through <= 1.0.
7.1
CVE-2025-58843 - WordPress Auto Last Youtube Video Plugin <= 1.0.7 - Cross Site Request Forgery (CSRF) Vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in David Merinas Auto Last Youtube Video auto-last-youtube-video allows Stored XSS.This issue affects Auto Last Youtube Video: from n/a through <= 1.0.7.
6.5
CVE-2025-58842 - WordPress Donation Forms WP by Givecloud Plugin <= 1.0.9 - Cross Site Scripting (XSS) Vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in givecloud Donation Forms WP by Givecloud donation-forms-by-givecloud allows Stored XSS.This issue affects Donation Forms WP by Givecloud: from n/a through <= 1.0.9.
5.5
CVE-2025-58841 - WordPress Media Author Plugin <= 1.0.4 - Broken Access Control Vulnerability
Incorrect Privilege Assignment vulnerability in John Luetke Media Author media-author allows Privilege Escalation.This issue affects Media Author: from n/a through <= 1.0.4.
6.5
CVE-2025-58840 - WordPress Custom Team Manager Plugin <= 2.4.2 - Cross Site Scripting (XSS) Vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ibnul H. Custom Team Manager custom-team-manager allows Stored XSS.This issue affects Custom Team Manager: from n/a through <= 2.4.2.
7.2
CVE-2025-58839 - WordPress eDS Responsive Menu Plugin <= 1.2 - PHP Object Injection Vulnerability
Deserialization of Untrusted Data vulnerability in aThemeArt Translations eDS Responsive Menu eds-responsive-menu allows Object Injection.This issue affects eDS Responsive Menu: from n/a through <= 1.2.
6.5
CVE-2025-58838 - WordPress Smooth Accordion Plugin <= 2.1 - Cross Site Scripting (XSS) Vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Zakir Smooth Accordion smooth-accordion allows Stored XSS.This issue affects Smooth Accordion: from n/a through <= 2.1.
6.5
CVE-2025-58837 - WordPress SS Font Awesome Icon Plugin <= 4.1.3 - Cross Site Scripting (XSS) Vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Shiful H SS Font Awesome Icon ss-font-awesome-icon allows Stored XSS.This issue affects SS Font Awesome Icon: from n/a through <= 4.1.3.
6.5
CVE-2025-58836 - WordPress FW Anker Plugin <= 1.2.6 - Cross Site Scripting (XSS) Vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Franz Wieser FW Anker fw-anker allows Stored XSS.This issue affects FW Anker: from n/a through <= 1.2.6.