5.9
CVE-2025-50027 - WordPress Login/Signup Popup plugin <= 2.9.4 - Cross Site Scripting (XSS) Vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in xootix Login/Signup Popup easy-login-woocommerce allows Stored XSS.This issue affects Login/Signup Popup: from n/a through <= 2.9.4.
6.5
CVE-2025-50030 - WordPress Spark Multipurpose theme <= 1.0.7 - Cross Site Scripting (XSS) Vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in sparklewpthemes Spark Multipurpose spark-multipurpose allows DOM-Based XSS.This issue affects Spark Multipurpose: from n/a through <= 1.0.7.
6.5
CVE-2025-50033 - WordPress Fitness Park theme <= 1.1.1 - Cross Site Scripting (XSS) Vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in sparklewpthemes Fitness Park fitness-park allows DOM-Based XSS.This issue affects Fitness Park: from n/a through <= 1.1.1.
6.5
CVE-2025-50034 - WordPress Enhanced Blocks β Page Builder Blocks for Gutenberg plugin <= 1.4.1 - Broken Access Contrβ¦
Missing Authorization vulnerability in Mahmudul Hasan Arif Enhanced Blocks β Page Builder Blocks for Gutenberg enhanced-blocks allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Enhanced Blocks β Page Builder Blocks for Gutenberg: from n/a through <= 1.4.1.
6.5
CVE-2025-50035 - WordPress Fyrebox Quizzes plugin <= 3.1 - Cross Site Scripting (XSS) Vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CyrilG Fyrebox Quizzes fyrebox-shortcode allows Stored XSS.This issue affects Fyrebox Quizzes: from n/a through <= 3.1.
6.5
CVE-2025-50036 - WordPress Mailing Group Listserv plugin <= 3.0.5 - Cross Site Request Forgery (CSRF) Vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in Yamna Khawaja Mailing Group Listserv wp-mailing-group allows Cross Site Request Forgery.This issue affects Mailing Group Listserv: from n/a through <= 3.0.5.
6.5
CVE-2025-50037 - WordPress Buying Buddy IDX CRM plugin <= 2.3.0 - Cross Site Scripting (XSS) Vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Buying Buddy Buying Buddy IDX CRM buying-buddy-idx-crm allows DOM-Based XSS.This issue affects Buying Buddy IDX CRM: from n/a through <= 2.3.0.
6.5
CVE-2025-50038 - WordPress Anant Addons for Elementor plugin <= 1.2.8 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in anantaddons Anant Addons for Elementor anant-addons-for-elementor allows Stored XSS.This issue affects Anant Addons for Elementor: from n/a through <= 1.2.8.
6.5
CVE-2025-50041 - WordPress Gutenberg Blocks β ACF Blocks Suite plugin <= 2.6.11 - Cross Site Scripting (XSS) Vulneraβ¦
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WP Engine Gutenberg Blocks β ACF Blocks Suite acf-blocks allows Stored XSS.This issue affects Gutenberg Blocks β ACF Blocks Suite: from n/a through <= 2.6.11.
6.5
CVE-2025-50042 - WordPress WP Register Profile With Shortcode plugin <= 3.6.3 - Cross Site Scripting (XSS) Vulnerabiβ¦
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in aviplugins.com WP Register Profile With Shortcode wp-register-profile-with-shortcode allows Stored XSS.This issue affects WP Register Profile With Shortcode: from n/a through <= 3.6.3.