0.0
CVE-2025-26880 - WordPress SKT Skill Bar plugin <= 2.3 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in sonalsinha21 SKT Skill Bar skt-skill-bar allows Stored XSS.This issue affects SKT Skill Bar: from n/a through <= 2.3.
0.0
CVE-2025-26870 - WordPress JetEngine plugin <= 3.6.4.1 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Crocoblock JetEngine jet-engine allows DOM-Based XSS.This issue affects JetEngine: from n/a through <= 3.6.4.1.
0.0
CVE-2025-26749 - WordPress Additional Custom Product Tabs for WooCommerce plugin <= 1.7.0 - Cross Site Scripting (XSβ¦
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPFactory Additional Custom Product Tabs for WooCommerce product-tabs-for-woocommerce allows Stored XSS.This issue affects Additional Custom Product Tabs for WooCommerce: from n/a through <= 1.7.0.
0.0
CVE-2025-26748 - WordPress Arkhe theme <= 3.12.0 - CSRF to Local File Inclusion vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in looswebstudio Arkhe arkhe allows PHP Local File Inclusion.This issue affects Arkhe: from n/a through <= 3.12.0.
0.0
CVE-2025-26746 - WordPress Advanced Custom Fields: Link Picker Field plugin <= 1.2.8 - Reflected Cross Site Scriptinβ¦
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in caalami Advanced Custom Fields: Link Picker Field acf-link-picker-field allows Reflected XSS.This issue affects Advanced Custom Fields: Link Picker Field: from n/a through <= 1.2.8.
0.0
CVE-2025-26740 - WordPress SpaBiz plugin <= 1.0.18 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in burgersoftware SpaBiz spabiz allows DOM-Based XSS.This issue affects SpaBiz: from n/a through <= 1.0.18.
7.5
CVE-2025-26730 - WordPress Macro Calculator with Admin Email Optin & Data plugin <= 1.0 - Multiple Vulnerabilities vβ¦
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in NotFound Macro Calculator with Admin Email Optin & Data. This issue affects Macro Calculator with Admin Email Optin & Data: from n/a through 1.0.
0.0
CVE-2025-22269 - WordPress Real Testimonials plugin <= 3.1.6 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ShapedPlugin LLC Real Testimonials testimonial-free allows Stored XSS.This issue affects Real Testimonials: from n/a through <= 3.1.6.
0.0
CVE-2025-22268 - WordPress Uncanny Toolkit for LearnDash plugin <= 3.7.0.1 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Uncanny Owl Uncanny Toolkit for LearnDash uncanny-learndash-toolkit allows Stored XSS.This issue affects Uncanny Toolkit for LearnDash: from n/a through <= 3.7.0.1.
7.1
CVE-2025-22263 - WordPress Global Gallery plugin <= 8.8.0 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound Global Gallery allows Reflected XSS. This issue affects Global Gallery: from n/a through 8.8.0.