5.9
CVE-2025-58630 - WordPress Simple Matomo Tracking Code Plugin <= 1.1.0 - Cross Site Scripting (XSS) Vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in rbaer Simple Matomo Tracking Code simple-matomo-tracking-code allows Stored XSS.This issue affects Simple Matomo Tracking Code: from n/a through <= 1.1.0.
6.5
CVE-2025-58626 - WordPress RumbleTalk Live Group Chat Plugin <= 6.3.5 - Cross Site Scripting (XSS) Vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in RumbleTalk RumbleTalk Live Group Chat rumbletalk-chat-a-chat-with-themes allows Stored XSS.This issue affects RumbleTalk Live Group Chat: from n/a through <= 6.3.5.
5.9
CVE-2025-58625 - WordPress WP Flow Plus Plugin <= 5.2.5 - Cross Site Scripting (XSS) Vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Spiffy Plugins WP Flow Plus wp-imageflow2 allows Stored XSS.This issue affects WP Flow Plus: from n/a through <= 5.2.5.
6.5
CVE-2025-58624 - WordPress Exchange Rates Plugin <= 1.2.5 - Cross Site Scripting (XSS) Vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in falselight Exchange Rates exchange-rates allows Stored XSS.This issue affects Exchange Rates: from n/a through <= 1.2.5.
6.5
CVE-2025-58623 - WordPress Event Feed for Eventbrite Plugin <= 1.3.2 - Cross Site Scripting (XSS) Vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Bohemia Plugins Event Feed for Eventbrite event-feed-for-eventbrite allows DOM-Based XSS.This issue affects Event Feed for Eventbrite: from n/a through <= 1.3.2.
4.3
CVE-2025-58622 - WordPress Mobile Contact Line Plugin <= 2.4.0 - Broken Access Control Vulnerability
Missing Authorization vulnerability in yydevelopment Mobile Contact Line mobile-contact-line allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Mobile Contact Line: from n/a through <= 2.4.0.
6.5
CVE-2025-58621 - WordPress PuzzleMe for WordPress Plugin <= 1.2.0 - Cross Site Scripting (XSS) Vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Amuse Labs PuzzleMe for WordPress puzzleme allows Stored XSS.This issue affects PuzzleMe for WordPress: from n/a through <= 1.2.0.
6.5
CVE-2025-58620 - WordPress PDF for WPForms Plugin <= 6.2.1 - Cross Site Scripting (XSS) Vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in add-ons.org PDF for WPForms pdf-for-wpforms allows Stored XSS.This issue affects PDF for WPForms: from n/a through <= 6.2.1.
6.5
CVE-2025-58618 - WordPress Pie Calendar Plugin <= 1.2.8 - Cross Site Scripting (XSS) Vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Jonathan Jernigan Pie Calendar pie-calendar allows DOM-Based XSS.This issue affects Pie Calendar: from n/a through <= 1.2.8.
4.3
CVE-2025-58617 - WordPress F4 Media Taxonomies Plugin <= 1.1.4 - Broken Access Control Vulnerability
Missing Authorization vulnerability in FAKTOR VIER F4 Media Taxonomies f4-media-taxonomies allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects F4 Media Taxonomies: from n/a through <= 1.1.4.