5.9
CVE-2025-58825 - WordPress Comment Form WP – Customize Default Comment Form plugin <= 2.0.1 - Cross Site Scripting (…
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Habibur Rahman Comment Form WP – Customize Default Comment Form comment-form-wp allows Stored XSS. This issue affects Comment Form WP – Customize Default Comment Form: from n/a through <= 2.0.1.
4.3
CVE-2025-58824 - WordPress Shk Corporate Theme <= 2.4.1.1 - Broken Access Control Vulnerability
Missing Authorization vulnerability in priyanshumittal Shk Corporate shk-corporate allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Shk Corporate: from n/a through <= 2.4.1.1.
6.5
CVE-2025-58823 - WordPress Get Cash plugin <= 3.2.3 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in The African Boss Get Cash get-cash allows Stored XSS. This issue affects Get Cash: from n/a through <= 3.2.3.
6.5
CVE-2025-58822 - WordPress WP Mail Plugin <= 1.3 - Cross Site Scripting (XSS) Vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in mndpsingh287 WP Mail wp-mail allows DOM-Based XSS. This issue affects WP Mail: from n/a through <= 1.3.
5.9
CVE-2025-58821 - WordPress WP Notification Bell plugin <= 1.4.6 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wpdever WP Notification Bell wp-notification-bell allows Stored XSS. This issue affects WP Notification Bell: from n/a through <= 1.4.6.
5.9
CVE-2025-58820 - WordPress Carousel Ultimate Plugin <= 1.8 - Cross Site Scripting (XSS) Vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Themepoints Carousel Ultimate carousel allows Stored XSS. This issue affects Carousel Ultimate: from n/a through <= 1.8.
9.1
CVE-2025-58819 - WordPress Bulk Featured Image plugin <= 1.2.4 - Arbitrary File Upload vulnerability
Unrestricted Upload of File with Dangerous Type vulnerability in CreedAlly Bulk Featured Image bulk-featured-image allows Upload a Web Shell to a Web Server. This issue affects Bulk Featured Image: from n/a through <= 1.2.4.
5.4
CVE-2025-58818 - WordPress Developer Tools Blocker Plugin <= 3.2.1 - Cross Site Request Forgery (CSRF) Vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in SwiftNinjaPro Developer Tools Blocker swiftninjapro-inspect-element-console-blocker allows Cross Site Request Forgery. This issue affects Developer Tools Blocker: from n/a through <= 3.2.1.
4.3
CVE-2025-58817 - WordPress SoftMe Theme <= 1.1.27 - Broken Access Control Vulnerability
Missing Authorization vulnerability in desertthemes SoftMe softme allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects SoftMe: from n/a through <= 1.1.27.
3.5
CVE-2025-58816 - WordPress Product Carousel Slider for Elementor Plugin <= 2.1.3 - Broken Access Control Vulnerabili…
Missing Authorization vulnerability in Plugin Devs Product Carousel Slider for Elementor ecommerce-product-carousel-slider-for-elementor allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Product Carousel Slider for Elementor: from n/a through <= 2.1.3.