7.1
CVE-2025-43832 - WordPress Remote Images Grabber plugin <= 0.6 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in andreyk Remote Images Grabber remote-images-grabber allows Reflected XSS.This issue affects Remote Images Grabber: from n/a through <= 0.6.
7.1
CVE-2025-43836 - WordPress Syndicate Out <= 0.9 - Cross Site Scripting (XSS) Vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in confuzzledduck Syndicate Out syndicate-out allows Reflected XSS.This issue affects Syndicate Out: from n/a through <= 0.9.
7.1
CVE-2025-43837 - WordPress Total Donations <= 3.0.8 - Cross Site Scripting (XSS) Vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in binti76 Total Donations total-donations allows Reflected XSS.This issue affects Total Donations: from n/a through <= 3.0.8.
6.5
CVE-2025-43838 - WordPress Custom PC Builder Lite for WooCommerce <= 1.0.1 - Settings Change Vulnerability
Missing Authorization vulnerability in ChoPlugins.com Custom PC Builder Lite for WooCommerce custom-pc-builder-lite-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Custom PC Builder Lite for WooCommerce: from n/a through <= 1.0.1.
7.1
CVE-2025-43839 - WordPress BP Messages Tool plugin <= 2.2 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in shanebp BP Messages Tool bp-messages-tool allows Reflected XSS.This issue affects BP Messages Tool: from n/a through <= 2.2.
10
CVE-2025-47577 - WordPress TI WooCommerce Wishlist plugin <= 2.9.2 - Arbitrary File Upload Vulnerability
Unrestricted Upload of File with Dangerous Type vulnerability in templateinvaders TI WooCommerce Wishlist ti-woocommerce-wishlist allows Upload a Web Shell to a Web Server.This issue affects TI WooCommerce Wishlist: from n/a through <= 2.9.2.
9.8
CVE-2025-47581 - WordPress WordPress Events Calendar Registration & Tickets plugin <= 2.6.0 - PHP Object Injection vโฆ
Deserialization of Untrusted Data vulnerability in elbisnero WordPress Events Calendar Registration & Tickets wpeventplus allows Object Injection.This issue affects WordPress Events Calendar Registration & Tickets: from n/a through <= 2.6.0.
9.8
CVE-2025-47582 - WordPress WPBot Pro Wordpress Chatbot <= 12.7.0 - PHP Object Injection Vulnerability
Deserialization of Untrusted Data vulnerability in QuantumCloud WPBot Pro Wordpress Chatbot allows Object Injection.This issue affects WPBot Pro Wordpress Chatbot: from n/a through 12.7.0.
8.1
CVE-2025-27010 - WordPress Tastyc < 2.5.2 - Local File Inclusion Vulnerability
Path Traversal: '.../...//' vulnerability in bslthemes Tastyc tastyc allows PHP Local File Inclusion.This issue affects Tastyc: from n/a through < 2.5.2.
7.1
CVE-2025-26997 - WordPress Wireless Butler plugin <= 1.0.11 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in validas Wireless Butler wireless-butler allows Reflected XSS.This issue affects Wireless Butler: from n/a through <= 1.0.11.