5.3
CVE-2025-58835 - WordPress Bonus for Woo plugin <= 7.6.6 - Other vulnerability Type vulnerability
Improper Validation of Specified Quantity in Input vulnerability in calliko Bonus for Woo bonus-for-woo allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Bonus for Woo: from n/a through <= 7.6.6.
6.5
CVE-2025-58834 - WordPress short.io Plugin <= 2.4.2 - Cross Site Scripting (XSS) Vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in gugu short.io wp-shortcm allows DOM-Based XSS.This issue affects short.io: from n/a through <= 2.4.2.
8.8
CVE-2025-58833 - WordPress Invelity MyGLS connect Plugin <= 1.1.1 - Cross Site Request Forgery (CSRF) Vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in INVELITY Invelity MyGLS connect invelity-mygls-connect allows Object Injection.This issue affects Invelity MyGLS connect: from n/a through <= 1.1.1.
5.9
CVE-2025-58832 - WordPress Search by Google Plugin <= 1.9 - Cross Site Scripting (XSS) Vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in webvitaly Search by Google search-google allows Stored XSS.This issue affects Search by Google: from n/a through <= 1.9.
4.3
CVE-2025-58831 - WordPress Parallax Scrolling Enllax.js Plugin <= 0.0.6 - Cross Site Request Forgery (CSRF) Vulnerabβ¦
Cross-Site Request Forgery (CSRF) vulnerability in snagysandor Parallax Scrolling Enllax.js parallax-scrolling-enllax-js allows Cross Site Request Forgery.This issue affects Parallax Scrolling Enllax.js: from n/a through <= 0.0.6.
6.5
CVE-2025-58830 - WordPress Parallax Scrolling Enllax.js Plugin <= 0.0.6 - Cross Site Scripting (XSS) Vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in snagysandor Parallax Scrolling Enllax.js parallax-scrolling-enllax-js allows Stored XSS.This issue affects Parallax Scrolling Enllax.js: from n/a through <= 0.0.6.
4.9
CVE-2025-58829 - WordPress Ai Auto Tool Content Writing Assistant (Gemini Writer, ChatGPT ) All in One plugin <= 2.3β¦
Server-Side Request Forgery (SSRF) vulnerability in aitool Ai Auto Tool Content Writing Assistant (Gemini Writer, ChatGPT ) All in One ai-auto-tool allows Server Side Request Forgery.This issue affects Ai Auto Tool Content Writing Assistant (Gemini Writer, ChatGPT ) All in One: from n/a through <= β¦
6.5
CVE-2025-58828 - WordPress μ½λμ μ΅ μμ ν‘ plugin <= 1.2.2 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in codemstory μ½λμ μ΅ μμ ν‘ mshop-naver-talktalk allows Stored XSS.This issue affects μ½λμ μ΅ μμ ν‘: from n/a through <= 1.2.2.
3.8
CVE-2025-58827 - WordPress Job Board Manager Plugin <= 2.1.61 - Content Injection Vulnerability
Improper Control of Generation of Code ('Code Injection') vulnerability in PickPlugins Job Board Manager job-board-manager allows Code Injection.This issue affects Job Board Manager: from n/a through <= 2.1.61.
6.5
CVE-2025-58826 - WordPress WP Publication Archive Plugin <= 3.0.1 - Cross Site Scripting (XSS) Vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Eric Mann WP Publication Archive wp-publication-archive allows Stored XSS.This issue affects WP Publication Archive : from n/a through <= 3.0.1.