7.1
CVE-2025-54044 - WordPress Elite Video Player <= 10.0.5 - Cross Site Scripting (XSS) Vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in _CreativeMedia_ Elite Video Player elite-video-player allows Reflected XSS.This issue affects Elite Video Player: from n/a through <= 10.0.5.
6.5
CVE-2025-54046 - WordPress Cost Calculator Plugin <= 7.4 - Cross Site Scripting (XSS) Vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in QuanticaLabs Cost Calculator ql-cost-calculator allows Stored XSS.This issue affects Cost Calculator: from n/a through <= 7.4.
9.3
CVE-2025-54048 - WordPress Custom API for WP <= 4.2.2 - SQL Injection Vulnerability
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in miniOrange Custom API for WP custom-api-for-wp allows SQL Injection.This issue affects Custom API for WP: from n/a through <= 4.2.2.
9.9
CVE-2025-54049 - WordPress Custom API for WP <= 4.2.2 - Privilege Escalation Vulnerability
Incorrect Privilege Assignment vulnerability in miniOrange Custom API for WP custom-api-for-wp allows Privilege Escalation.This issue affects Custom API for WP: from n/a through <= 4.2.2.
7.5
CVE-2025-54052 - WordPress Realtyna Organic IDX plugin <= 5.0.0 - Local File Inclusion Vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in Realtyna Realtyna Organic IDX plugin real-estate-listing-realtyna-wpl allows PHP Local File Inclusion.This issue affects Realtyna Organic IDX plugin: from n/a through <= 5.0.0.
6.6
CVE-2025-54053 - WordPress Groundhogg plugin <= 4.2.2 - PHP Object Injection vulnerability
Deserialization of Untrusted Data vulnerability in Adrian Tobey Groundhogg groundhogg allows Object Injection.This issue affects Groundhogg: from n/a through <= 4.2.2.
7.1
CVE-2025-54055 - WordPress Druco <= 1.5.2 - Cross Site Scripting (XSS) Vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in skygroup Druco druco allows Reflected XSS.This issue affects Druco: from n/a through <= 1.5.2.
7.1
CVE-2025-54056 - WordPress Responsive HTML5 Audio Player PRO With Playlist <= 3.5.8 - Cross Site Scripting (XSS) Vulโฆ
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in LambertGroup Responsive HTML5 Audio Player PRO With Playlist lbg-audio2-html5 allows Reflected XSS.This issue affects Responsive HTML5 Audio Player PRO With Playlist: from n/a through <= 3.5.8.
7.1
CVE-2025-54670 - WordPress oik Plugin <= 4.15.2 - Cross Site Scripting (XSS) Vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in bobbingwide oik oik allows Reflected XSS.This issue affects oik: from n/a through <= 4.15.2.
9.1
CVE-2025-54677 - WordPress Online Booking & Scheduling Calendar for WordPress by vcita Plugin <= 4.5.3 - Arbitrary Fโฆ
Unrestricted Upload of File with Dangerous Type vulnerability in vcita Online Booking & Scheduling Calendar for WordPress by vcita meeting-scheduler-by-vcita allows Using Malicious Files.This issue affects Online Booking & Scheduling Calendar for WordPress by vcita: from n/a through <= 4.5.3.