6.5
CVE-2025-28957 - WordPress OwnerRez API plugin <= 1.2.1 - Cross Site Scripting (XSS) Vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in OwnerRez OwnerRez API ownerrez allows Stored XSS.This issue affects OwnerRez API: from n/a through <= 1.2.1.
9.1
CVE-2025-28951 - WordPress Bulk Featured Image plugin <= 1.2.4 - Arbitrary File Upload vulnerability
Unrestricted Upload of File with Dangerous Type vulnerability in CreedAlly Bulk Featured Image bulk-featured-image allows Upload a Web Shell to a Web Server.This issue affects Bulk Featured Image: from n/a through <= 1.2.4.
4.6
CVE-2025-27358 - WordPress Frontend File Manager plugin <= 23.6 - Content Injection vulnerability
Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in N-Media Frontend File Manager nmedia-user-file-uploader allows Code Injection.This issue affects Frontend File Manager: from n/a through <= 23.6.
6.5
CVE-2025-27326 - WordPress Video Gallery Block plugin <= 1.1.0 - Cross Site Scripting (XSS) Vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in bPlugins Video Gallery Block video-gallery-block allows Stored XSS.This issue affects Video Gallery Block: from n/a through <= 1.1.0.
6.5
CVE-2025-26591 - WordPress WP fancybox plugin <= 1.0.3 - Cross Site Scripting (XSS) Vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Noor Alam WP fancybox wp-fancybox allows Stored XSS.This issue affects WP fancybox: from n/a through <= 1.0.3.
6.5
CVE-2025-24764 - WordPress (Simply) Guest Author Name plugin <= 4.36 - Cross Site Scripting (XSS) Vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in A. Jones (Simply) Guest Author Name guest-author-name allows DOM-Based XSS.This issue affects (Simply) Guest Author Name: from n/a through <= 4.36.
5.3
CVE-2025-24757 - WordPress uDesign theme <= 4.11.2 - Broken Access Control vulnerability
Missing Authorization vulnerability in AndonDesign uDesign udesign.This issue affects uDesign: from n/a through <= 4.11.2.
5.3
CVE-2025-24748 - WordPress Avada theme <= 7.11.10 - Broken Access Control vulnerability
Missing Authorization vulnerability in ThemeFusion Avada avada.This issue affects Avada: from n/a through <= 7.11.10.
5.9
CVE-2025-24735 - WordPress Chatra Live Chat + ChatBot + Cart Saver plugin <= 1.0.11 - Cross Site Scripting (XSS) Vulโฆ
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Chatra Chatra Live Chat + ChatBot + Cart Saver allows Stored XSS. This issue affects Chatra Live Chat + ChatBot + Cart Saver: from n/a through 1.0.11.
4.3
CVE-2025-23972 - WordPress Contact Form 7 reCAPTCHA plugin <= 1.2.0 - Cross Site Request Forgery (CSRF) Vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in Brian S. Reed Contact Form 7 reCAPTCHA contact-form-7-recaptcha allows Cross Site Request Forgery.This issue affects Contact Form 7 reCAPTCHA: from n/a through <= 1.2.0.