6.5
CVE-2025-49310 - WordPress Frontend Dashboard plugin <= 2.2.8 - Cross Site Scripting (XSS) Vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in M A Vinoth Kumar Frontend Dashboard frontend-dashboard allows Stored XSS.This issue affects Frontend Dashboard: from n/a through <= 2.2.8.
6.5
CVE-2025-49309 - WordPress HT Team Member plugin <= 1.1.7 - Cross Site Scripting (XSS) Vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in HT Plugins HT Team Member ht-team-member allows Stored XSS.This issue affects HT Team Member: from n/a through <= 1.1.7.
7.5
CVE-2025-49308 - WordPress WP Travel Engine plugin <= 6.5.1 - Local File Inclusion Vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in WP Travel Engine WP Travel Engine wp-travel-engine allows PHP Local File Inclusion.This issue affects WP Travel Engine: from n/a through <= 6.5.1.
7.5
CVE-2025-49307 - WordPress WP Multilang plugin <= 2.4.19 - Local File Inclusion Vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Magazine3 WP Multilang wp-multilang allows PHP Local File Inclusion.This issue affects WP Multilang: from n/a through <= 2.4.19.
6.5
CVE-2025-49306 - WordPress WP Social Widget plugin <= 2.3 - Cross Site Scripting (XSS) Vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in catchsquare WP Social Widget wp-social-widget allows Stored XSS.This issue affects WP Social Widget: from n/a through <= 2.3.
6.5
CVE-2025-49305 - WordPress Product Catalog Simple plugin <= 1.8.1 - Cross Site Scripting (XSS) Vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in impleCode Product Catalog Simple post-type-x allows Stored XSS.This issue affects Product Catalog Simple: from n/a through <= 1.8.1.
6.5
CVE-2025-49304 - WordPress Search with Typesense plugin <= 2.0.10 - Cross Site Scripting (XSS) Vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CodeManas Search with Typesense search-with-typesense allows Stored XSS.This issue affects Search with Typesense: from n/a through <= 2.0.10.
6.5
CVE-2025-49301 - WordPress Greenshift plugin <= 11.5.5 - Cross Site Scripting (XSS) Vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wpsoul Greenshift greenshift-animation-and-page-builder-blocks allows DOM-Based XSS.This issue affects Greenshift: from n/a through <= 11.5.5.
6.5
CVE-2025-49299 - WordPress WebHotelier plugin <= 1.9.2 - Cross Site Scripting (XSS) Vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPlugged.com WebHotelier webhotelier allows Stored XSS.This issue affects WebHotelier: from n/a through <= 1.9.2.
6.5
CVE-2025-49298 - WordPress Event post plugin <= 5.10.1 - Cross Site Scripting (XSS) Vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Bastien Ho Event post event-post allows Stored XSS.This issue affects Event post: from n/a through <= 5.10.1.