5.9
CVE-2025-48360 - WordPress Varnish/Nginx Proxy Caching plugin <= 1.8.3 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Razvan Stanga Varnish/Nginx Proxy Caching vcaching allows Stored XSS.This issue affects Varnish/Nginx Proxy Caching: from n/a through <= 1.8.3.
7.1
CVE-2025-48359 - WordPress ATT YouTube Widget plugin <= 1.0 - Cross Site Request Forgery (CSRF) to Stored XSS vulnerβ¦
Cross-Site Request Forgery (CSRF) vulnerability in thaihavnn07 ATT YouTube Widget att-youtube allows Stored XSS.This issue affects ATT YouTube Widget: from n/a through <= 1.0.
5.9
CVE-2025-48358 - WordPress Risk Free Cash On Delivery (COD) β WooCommerce plugin <= 1.0.4 - Cross Site Scripting (XSβ¦
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in everythingwp Risk Free Cash On Delivery (COD) β WooCommerce risk-free-cash-on-delivery-cod-woocommerce allows Stored XSS.This issue affects Risk Free Cash On Delivery (COD) β WooCommerce: from n/a β¦
5.4
CVE-2025-48357 - WordPress Century ToolKit plugin <= 1.2.1 - Cross Site Request Forgery (CSRF) to Arbitrary Plugin Aβ¦
Cross-Site Request Forgery (CSRF) vulnerability in Theme Century Century ToolKit century-toolkit allows Cross Site Request Forgery.This issue affects Century ToolKit: from n/a through <= 1.2.1.
6.5
CVE-2025-48356 - WordPress Kanpress plugin <= 1.1 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Isra Kanpress kanpress allows Stored XSS.This issue affects Kanpress: from n/a through <= 1.1.
6.5
CVE-2025-48354 - WordPress Better Post & Filter Widgets for Elementor plugin <= 1.6.1 - Cross Site Scripting (XSS) vβ¦
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WP Smart Widgets Better Post & Filter Widgets for Elementor better-post-filter-widgets-for-elementor allows Stored XSS.This issue affects Better Post & Filter Widgets for Elementor: from n/a througβ¦
7.1
CVE-2025-48353 - WordPress Clickbank WordPress Plugin (Niche Storefront) plugin <= 1.3.5 - Cross Site Request Forgerβ¦
Cross-Site Request Forgery (CSRF) vulnerability in dactum Clickbank WordPress Plugin (Niche Storefront) clickbank-niche-storefronts allows Stored XSS.This issue affects Clickbank WordPress Plugin (Niche Storefront): from n/a through <= 1.3.5.
5.9
CVE-2025-48352 - WordPress Yandex Site search pinger plugin <= 1.5 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in sitesearch-yandex Yandex Site search pinger yandex-pinger allows Stored XSS.This issue affects Yandex Site search pinger: from n/a through <= 1.5.
7.1
CVE-2025-48351 - WordPress Kento Splash Screen plugin <= 1.4 - Cross Site Request Forgery (CSRF) to Stored XSS vulneβ¦
Cross-Site Request Forgery (CSRF) vulnerability in PluginsPoint Kento Splash Screen kento-splash-screen allows Stored XSS.This issue affects Kento Splash Screen: from n/a through <= 1.4.
4.3
CVE-2025-48350 - WordPress AutoWP plugin <= 2.2.7 - Broken Access Control vulnerability
Missing Authorization vulnerability in Basar Ventures AutoWP autowp-ai-content-writer-rewriter allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects AutoWP: from n/a through <= 2.2.7.