6.5

CVSS3.1

CVE-2025-58616 - WordPress Frisbii Pay Plugin <= 1.8.2.1 - Broken Access Control Vulnerability

Missing Authorization vulnerability in Frisbii Frisbii Pay reepay-checkout-gateway allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Frisbii Pay: from n/a through <= 1.8.2.1.

📅 Published: Sept. 3, 2025, 2:36 p.m. 🔄 Last Modified: April 23, 2026, 3:33 p.m.

4.4

CVSS3.1

CVE-2025-58615 - WordPress WP Bannerize Pro Plugin <= 1.10.0 - Server Side Request Forgery (SSRF) Vulnerability

Server-Side Request Forgery (SSRF) vulnerability in gfazioli WP Bannerize Pro wp-bannerize-pro allows Server Side Request Forgery.This issue affects WP Bannerize Pro: from n/a through <= 1.10.0.

📅 Published: Sept. 3, 2025, 2:36 p.m. 🔄 Last Modified: April 23, 2026, 3:33 p.m.

6.5

CVSS3.1

CVE-2025-58614 - WordPress Tooltipy Plugin <= 5.5.6 - Cross Site Scripting (XSS) Vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Jamel.Z Tooltipy bluet-keywords-tooltip-generator allows Stored XSS.This issue affects Tooltipy: from n/a through <= 5.5.6.

📅 Published: Sept. 3, 2025, 2:36 p.m. 🔄 Last Modified: April 23, 2026, 3:33 p.m.

5.3

CVSS3.1

CVE-2025-58613 - WordPress Posts Table with Search & Sort Plugin <= 1.4.10 - Broken Access Control Vulnerability

Missing Authorization vulnerability in Barn2 Plugins Posts Table with Search & Sort posts-data-table allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Posts Table with Search & Sort: from n/a through <= 1.4.10.

📅 Published: Sept. 3, 2025, 2:36 p.m. 🔄 Last Modified: April 23, 2026, 3:33 p.m.

6.5

CVSS3.1

CVE-2025-58612 - WordPress PropertyHive Plugin <= 2.1.5 - Cross Site Scripting (XSS) Vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Property Hive PropertyHive propertyhive allows Stored XSS.This issue affects PropertyHive: from n/a through <= 2.1.5.

📅 Published: Sept. 3, 2025, 2:36 p.m. 🔄 Last Modified: April 23, 2026, 3:33 p.m.

4.3

CVSS3.1

CVE-2025-58611 - WordPress Tickera Plugin <= 3.5.5.6 - Cross Site Request Forgery (CSRF) Vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Tickera Tickera tickera-event-ticketing-system allows Cross Site Request Forgery.This issue affects Tickera: from n/a through <= 3.5.5.6.

📅 Published: Sept. 3, 2025, 2:36 p.m. 🔄 Last Modified: April 23, 2026, 3:33 p.m.

6.5

CVSS3.1

CVE-2025-58610 - WordPress Gallery PhotoBlocks Plugin <= 1.3.1 - Cross Site Scripting (XSS) Vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WP Chill Gallery PhotoBlocks photoblocks-grid-gallery allows Stored XSS.This issue affects Gallery PhotoBlocks: from n/a through <= 1.3.1.

📅 Published: Sept. 3, 2025, 2:36 p.m. 🔄 Last Modified: April 23, 2026, 3:33 p.m.

6.5

CVSS3.1

CVE-2025-58609 - WordPress Latest Post Shortcode Plugin <= 14.0.3 - Cross Site Scripting (XSS) Vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Iulia Cazan Latest Post Shortcode latest-post-shortcode allows Stored XSS.This issue affects Latest Post Shortcode: from n/a through <= 14.0.3.

📅 Published: Sept. 3, 2025, 2:36 p.m. 🔄 Last Modified: April 23, 2026, 3:33 p.m.

7.5

CVSS3.1

CVE-2025-58608 - WordPress MediaPress Plugin <= 1.5.9.1 - Local File Inclusion Vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in BuddyDev MediaPress mediapress allows PHP Local File Inclusion.This issue affects MediaPress: from n/a through <= 1.5.9.1.

📅 Published: Sept. 3, 2025, 2:36 p.m. 🔄 Last Modified: April 23, 2026, 3:33 p.m.

6.5

CVSS3.1

CVE-2025-58607 - WordPress Cookie Notice & Consent Banner for GDPR & CCPA Compliance Plugin <= 1.7.11 - Cross Site S…

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in GDPR Info Cookie Notice & Consent Banner for GDPR & CCPA Compliance cookie-notice-and-consent-banner allows Stored XSS.This issue affects Cookie Notice & Consent Banner for GDPR & CCPA Compliance: …

📅 Published: Sept. 3, 2025, 2:36 p.m. 🔄 Last Modified: April 28, 2026, 4:13 p.m.

CVE Authored by @ncilengir

6.5

CVE-2025-58616 - WordPress Frisbii Pay Plugin <= 1.8.2.1 - Broken Access Control Vulnerability

4.4

CVE-2025-58615 - WordPress WP Bannerize Pro Plugin <= 1.10.0 - Server Side Request Forgery (SSRF) Vulnerability

6.5

CVE-2025-58614 - WordPress Tooltipy Plugin <= 5.5.6 - Cross Site Scripting (XSS) Vulnerability

5.3

CVE-2025-58613 - WordPress Posts Table with Search & Sort Plugin <= 1.4.10 - Broken Access Control Vulnerability

6.5

CVE-2025-58612 - WordPress PropertyHive Plugin <= 2.1.5 - Cross Site Scripting (XSS) Vulnerability

4.3

CVE-2025-58611 - WordPress Tickera Plugin <= 3.5.5.6 - Cross Site Request Forgery (CSRF) Vulnerability

6.5

CVE-2025-58610 - WordPress Gallery PhotoBlocks Plugin <= 1.3.1 - Cross Site Scripting (XSS) Vulnerability

6.5

CVE-2025-58609 - WordPress Latest Post Shortcode Plugin <= 14.0.3 - Cross Site Scripting (XSS) Vulnerability

7.5

CVE-2025-58608 - WordPress MediaPress Plugin <= 1.5.9.1 - Local File Inclusion Vulnerability

6.5

CVE-2025-58607 - WordPress Cookie Notice & Consent Banner for GDPR & CCPA Compliance Plugin <= 1.7.11 - Cross Site S…