7.1
CVE-2025-24640 - WordPress Empty Tags Remover Plugin <= 1.0 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Dan-Lucian Stefancu Empty Tags Remover empty-tags-remover allows Reflected XSS.This issue affects Empty Tags Remover: from n/a through <= 1.0.
7.1
CVE-2025-24645 - WordPress Eazy Under Construction Plugin <= 1.0 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Rob Scott Eazy Under Construction eazy-under-construction allows Reflected XSS.This issue affects Eazy Under Construction: from n/a through <= 1.0.
0.0
CVE-2025-24651 - WordPress WebToffee WP Backup and Migration plugin <= 1.5.3 - Sensitive Data Exposure vulnerability
Insertion of Sensitive Information into Log File vulnerability in WebToffee WordPress Backup & Migration wp-migration-duplicator allows Retrieve Embedded Sensitive Data.This issue affects WordPress Backup & Migration: from n/a through <= 1.5.3.
7.1
CVE-2025-24655 - WordPress Wishlist Plugin <= 1.0.39 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in PickPlugins Wishlist wishlist allows Reflected XSS.This issue affects Wishlist: from n/a through <= 1.0.39.
7.1
CVE-2025-24670 - WordPress Term Taxonomy Converter Plugin <= 1.2 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Dhanendran Rajagopal Term Taxonomy Converter term-taxonomy-converter allows Reflected XSS.This issue affects Term Taxonomy Converter: from n/a through <= 1.2.
6.5
CVE-2025-24737 - WordPress WP Helper Premium plugin <= 4.6.1 - Broken Access Control vulnerability
Missing Authorization vulnerability in Mat Bao Corporation WP Helper Premium wp-helper-lite allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects WP Helper Premium: from n/a through <= 4.6.1.
7.1
CVE-2025-24745 - WordPress Classified Listing plugin <= 4.0.1 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in RadiusTheme Classified Listing classified-listing allows Reflected XSS.This issue affects Classified Listing: from n/a through <= 4.0.1.
7.1
CVE-2025-24752 - WordPress Essential Addons for Elementor plugin <= 6.0.14 - Reflected Cross Site Scripting (XSS) vuโฆ
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPDeveloper Essential Addons for Elementor essential-addons-for-elementor-lite allows Reflected XSS.This issue affects Essential Addons for Elementor: from n/a through <= 6.0.14.
9.9
CVE-2025-27282 - WordPress Theme File Duplicator Plugin <= 1.3 - Arbitrary File Upload vulnerability
Unrestricted Upload of File with Dangerous Type vulnerability in rockgod100 Theme File Duplicator theme-file-duplicator allows Using Malicious Files.This issue affects Theme File Duplicator: from n/a through <= 1.3.
6.5
CVE-2025-27283 - WordPress Theme File Duplicator Plugin <= 1.3 - Arbitrary File Download vulnerability
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in rockgod100 Theme File Duplicator theme-file-duplicator allows Path Traversal.This issue affects Theme File Duplicator: from n/a through <= 1.3.