0.0
CVE-2025-39525 - WordPress Logo Carousel Slider plugin <= 2.1.3 - Cross Site Scripting (XSS) Vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wpWax Logo Carousel Slider logo-carousel-slider allows Stored XSS.This issue affects Logo Carousel Slider: from n/a through <= 2.1.3.
5.4
CVE-2025-39528 - WordPress Rescue Shortcodes plugin <= 3.1 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Rescue Themes Rescue Shortcodes rescue-shortcodes allows Stored XSS.This issue affects Rescue Shortcodes: from n/a through <= 3.1.
0.0
CVE-2025-39529 - WordPress Scriptless Social Sharing plugin <= 3.3.0 - Cross Site Scripting (XSS) Vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Robin Cornett Scriptless Social Sharing scriptless-social-sharing allows Stored XSS.This issue affects Scriptless Social Sharing: from n/a through <= 3.3.0.
0.0
CVE-2025-39530 - WordPress Site Search 360 plugin <= 2.1.8 - Cross Site Request Forgery (CSRF) to stored XSS vulneraβ¦
Cross-Site Request Forgery (CSRF) vulnerability in dsky Site Search 360 site-search-360 allows Stored XSS.This issue affects Site Search 360: from n/a through <= 2.1.8.
0.0
CVE-2025-39531 - WordPress Slazzer Background Changer plugin <= 3.14 - Broken Access Control Vulnerability
Missing Authorization vulnerability in slazzercom Slazzer Background Changer slazzer-background-changer allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Slazzer Background Changer: from n/a through <= 3.14.
0.0
CVE-2025-39538 - WordPress WP-Advanced-Search plugin <= 3.3.9.4 - Arbitrary File Upload Vulnerability
Unrestricted Upload of File with Dangerous Type vulnerability in Mathieu Chartier WP-Advanced-Search wp-advanced-search allows Upload a Web Shell to a Web Server.This issue affects WP-Advanced-Search: from n/a through <= 3.3.9.4.
0.0
CVE-2025-39540 - WordPress WP Flipclock plugin <= 1.9.1 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Rhys Wynne WP Flipclock wp-flipclock allows DOM-Based XSS.This issue affects WP Flipclock: from n/a through <= 1.9.1.
0.0
CVE-2025-39543 - WordPress Royal Elementor Addons plugin <= 1.3.977 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WP Royal Royal Elementor Addons royal-elementor-addons allows Stored XSS.This issue affects Royal Elementor Addons: from n/a through <= 1.3.977.
0.0
CVE-2025-39544 - WordPress WP Tools plugin <= 5.18 - CSRF to Arbitrary File Deletion vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in sminozzi WP Tools wptools allows Path Traversal.This issue affects WP Tools: from n/a through <= 5.18.
0.0
CVE-2025-39545 - WordPress REST API Authentication plugin <= 3.6.3 - Settings Change Vulnerability
Missing Authorization vulnerability in miniOrange WordPress REST API Authentication wp-rest-api-authentication allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WordPress REST API Authentication: from n/a through <= 3.6.3.