4.3
CVE-2025-49052 - WordPress Netease Music plugin <= 3.2.1 - Broken Access Control vulnerability
Missing Authorization vulnerability in Dariolee Netease Music allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Netease Music: from n/a through 3.2.1.
5.9
CVE-2025-49053 - WordPress WP Airdrop Manager plugin <= 1.0.5 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in kadesthemes WP Airdrop Manager allows Stored XSS. This issue affects WP Airdrop Manager: from n/a through 1.0.5.
7.1
CVE-2025-49054 - WordPress Time Sheets plugin <= 2.1.3 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in mrdenny Time Sheets allows Reflected XSS. This issue affects Time Sheets: from n/a through 2.1.3.
7.1
CVE-2025-49056 - WordPress 多说社会化评论框 Plugin <= 1.2 - Cross Site Scripting (XSS) Vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in shen2 多说社会化评论框 allows Reflected XSS. This issue affects 多说社会化评论框: from n/a through 1.2.
7.1
CVE-2025-49057 - WordPress WP Voting Plugin <= 1.8 - Cross Site Scripting (XSS) Vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ko Min WP Voting allows Reflected XSS. This issue affects WP Voting: from n/a through 1.8.
7.1
CVE-2025-49058 - WordPress SoundSt SEO Search plugin <= 1.2.3 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Sound Strategies SoundSt SEO Search allows Reflected XSS. This issue affects SoundSt SEO Search: from n/a through 1.2.3.
9.3
CVE-2025-49059 - WordPress CleverReach® WP Plugin <= 1.5.20 - SQL Injection Vulnerability
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in CleverReach® CleverReach® WP allows SQL Injection. This issue affects CleverReach® WP: from n/a through 1.5.20.
6.5
CVE-2025-49061 - WordPress Porn Videos Embed plugin <= 0.9.1 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in perteus Porn Videos Embed allows Stored XSS. This issue affects Porn Videos Embed: from n/a through 0.9.1.
7.1
CVE-2025-49062 - WordPress WP-jScrollPane plugin <= 2.0.3 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in cornfeed WP-jScrollPane allows Reflected XSS. This issue affects WP-jScrollPane: from n/a through 2.0.3.
7.1
CVE-2025-49063 - WordPress BaiduXZH Submit(百度熊掌号) plugin <= 1.4.6 - Reflected Cross Site Scripting (XSS) vulnerabili…
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in i3geek BaiduXZH Submit(百度熊掌号) allows Reflected XSS. This issue affects BaiduXZH Submit(百度熊掌号): from n/a through 1.4.6.