5.9
CVE-2025-30938 - WordPress Broadly for WordPress plugin <= 3.0.2 - Cross Site Scripting (XSS) Vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in broadly Broadly for WordPress broadly allows Stored XSS.This issue affects Broadly for WordPress: from n/a through <= 3.0.2.
5.9
CVE-2025-30939 - WordPress IFrame Widget plugin <= 4.1 - Cross Site Scripting (XSS) Vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Debashish IFrame Widget iframe-widget allows Stored XSS.This issue affects IFrame Widget: from n/a through <= 4.1.
5.9
CVE-2025-30940 - WordPress Melipayamak plugin <= 2.2.12 - Cross Site Scripting (XSS) Vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in melipayamak Melipayamak melipayamak allows Stored XSS.This issue affects Melipayamak: from n/a through <= 2.2.12.
5.9
CVE-2025-30941 - WordPress Pinterest Verify Meta Tag plugin <= 1.3 - Cross Site Scripting (XSS) Vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Marvie Pons Pinterest Verify Meta Tag pinterest-verify-meta-tag allows Stored XSS.This issue affects Pinterest Verify Meta Tag: from n/a through <= 1.3.
5.9
CVE-2025-30942 - WordPress Post Custom Templates Lite plugin <= 1.14 - Cross Site Scripting (XSS) Vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in OTWthemes Post Custom Templates Lite post-custom-templates-lite allows Stored XSS.This issue affects Post Custom Templates Lite: from n/a through <= 1.14.
5.3
CVE-2025-30945 - WordPress Taskbuilder plugin <= 4.0.7 - Broken Access Control Vulnerability
Missing Authorization vulnerability in taskbuilder Taskbuilder taskbuilder allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Taskbuilder: from n/a through <= 4.0.7.
4.3
CVE-2025-30946 - WordPress Custom Bulk/Quick Edit plugin <= 1.6.10 - Cross Site Request Forgery (CSRF) Vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in Michael Cannon Custom Bulk/Quick Edit custom-bulkquick-edit allows Cross Site Request Forgery.This issue affects Custom Bulk/Quick Edit: from n/a through <= 1.6.10.
4.3
CVE-2025-30948 - WordPress Layouts for Elementor plugin <= 1.11 - Cross Site Request Forgery (CSRF) Vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in Giraphix Creative Layouts for Elementor layouts-for-elementor allows Cross Site Request Forgery.This issue affects Layouts for Elementor: from n/a through <= 1.11.
6.5
CVE-2025-30950 - WordPress All Currencies for WooCommerce plugin <= 2.4.3 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WP Wham All Currencies for WooCommerce woocommerce-all-currencies allows Stored XSS.This issue affects All Currencies for WooCommerce: from n/a through <= 2.4.3.
6.5
CVE-2025-30951 - WordPress BlockStrap Page Builder - Bootstrap Blocks plugin <= 0.1.36 - Cross Site Scripting (XSS) โฆ
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Stiofan BlockStrap Page Builder - Bootstrap Blocks blockstrap-page-builder-blocks allows Stored XSS.This issue affects BlockStrap Page Builder - Bootstrap Blocks: from n/a through <= 0.1.36.