6.5
CVE-2025-49314 - WordPress BRW plugin <= 1.8.6 - Cross Site Scripting (XSS) Vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ovatheme BRW ova-brw allows Stored XSS.This issue affects BRW: from n/a through <= 1.8.6.
7.5
CVE-2025-49313 - WordPress BRW plugin <= 1.8.6 - Local File Inclusion Vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ovatheme BRW ova-brw allows PHP Local File Inclusion.This issue affects BRW: from n/a through <= 1.8.6.
6.5
CVE-2025-49311 - WordPress The Events Calendar Countdown Addon plugin <= 1.4.9 - Cross Site Scripting (XSS) Vulnerabβ¦
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CoolHappy The Events Calendar Countdown Addon countdown-for-the-events-calendar allows Stored XSS.This issue affects The Events Calendar Countdown Addon: from n/a through <= 1.4.9.
6.5
CVE-2025-49310 - WordPress Frontend Dashboard plugin <= 2.2.8 - Cross Site Scripting (XSS) Vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in M A Vinoth Kumar Frontend Dashboard frontend-dashboard allows Stored XSS.This issue affects Frontend Dashboard: from n/a through <= 2.2.8.
6.5
CVE-2025-49309 - WordPress HT Team Member plugin <= 1.1.7 - Cross Site Scripting (XSS) Vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in HT Plugins HT Team Member ht-team-member allows Stored XSS.This issue affects HT Team Member: from n/a through <= 1.1.7.
7.5
CVE-2025-49308 - WordPress WP Travel Engine plugin <= 6.5.1 - Local File Inclusion Vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in WP Travel Engine WP Travel Engine wp-travel-engine allows PHP Local File Inclusion.This issue affects WP Travel Engine: from n/a through <= 6.5.1.
7.5
CVE-2025-49307 - WordPress WP Multilang plugin <= 2.4.19 - Local File Inclusion Vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Magazine3 WP Multilang wp-multilang allows PHP Local File Inclusion.This issue affects WP Multilang: from n/a through <= 2.4.19.
6.5
CVE-2025-49306 - WordPress WP Social Widget plugin <= 2.3 - Cross Site Scripting (XSS) Vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in catchsquare WP Social Widget wp-social-widget allows Stored XSS.This issue affects WP Social Widget: from n/a through <= 2.3.
6.5
CVE-2025-49305 - WordPress Product Catalog Simple plugin <= 1.8.1 - Cross Site Scripting (XSS) Vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in impleCode Product Catalog Simple post-type-x allows Stored XSS.This issue affects Product Catalog Simple: from n/a through <= 1.8.1.
6.5
CVE-2025-49304 - WordPress Search with Typesense plugin <= 2.0.10 - Cross Site Scripting (XSS) Vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CodeManas Search with Typesense search-with-typesense allows Stored XSS.This issue affects Search with Typesense: from n/a through <= 2.0.10.