8.8
CVE-2025-1707 - Review Schema <= 2.2.4 - Authenticated (Contributor+) Local File Inclusion via Post Meta
The Review Schema plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 2.2.4 via post meta. This makes it possible for authenticated attackers, with contributor-level and above permissions, to include and execute arbitrary files on the server, allowing thβ¦
8.8
CVE-2025-28868 - WordPress ZipList Recipe plugin <= 3.1 - Cross Site Request Forgery (CSRF) vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in ZipList ZipList Recipe ziplist-recipe-plugin allows Cross Site Request Forgery.This issue affects ZipList Recipe: from n/a through <= 3.1.
0.0
CVE-2025-28943 - WordPress DP ALTerminator - Missing ALT manager Plugin <= 1.0.2 - Cross Site Scripting (XSS) vulnerβ¦
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in mylo2h2s DP ALTerminator - Missing ALT manager dp-alterminator-missing-alt-manager allows Stored XSS.This issue affects DP ALTerminator - Missing ALT manager: from n/a through <= 1.0.2.
0.0
CVE-2025-28941 - WordPress SPAM-BYBYE Plugin <= 2.2.4 - Cross Site Request Forgery (CSRF) vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in ohtan Spam Byebye spam-byebye allows Cross Site Request Forgery.This issue affects Spam Byebye: from n/a through <= 2.2.4.
0.0
CVE-2025-28940 - WordPress Back To Top Plugin <= 2.0 - Cross Site Request Forgery (CSRF) vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in arkapravamajumder Back To Top backtotop allows Cross Site Request Forgery.This issue affects Back To Top: from n/a through <= 2.0.
0.0
CVE-2025-28938 - WordPress WP Performance Pack plugin <= 2.5.3 - Broken Access Control vulnerability
Missing Authorization vulnerability in Bjoern WP Performance Pack wp-performance-pack allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Performance Pack: from n/a through <= 2.5.3.
0.0
CVE-2025-28937 - WordPress Lava Ajax Search plugin <= 1.1.9 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in lavacode Lava Ajax Search lava-ajax-search allows Stored XSS.This issue affects Lava Ajax Search: from n/a through <= 1.1.9.
0.0
CVE-2025-28936 - WordPress Lunar plugin <= 1.3.0 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in sakurapixel Lunar lunar-sell-photos-online allows Stored XSS.This issue affects Lunar: from n/a through <= 1.3.0.
0.0
CVE-2025-28933 - WordPress MaxA/B plugin <= 2.2.2 - CSRF to Stored XSS vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in maxfoundry MaxA/B maxab allows Stored XSS.This issue affects MaxA/B: from n/a through <= 2.2.2.
0.0
CVE-2025-28932 - WordPress Insert Code plugin <= 2.4 - CSRF to Stored XSS vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in BCS Website Solutions Insert Code insert-code allows Stored XSS.This issue affects Insert Code: from n/a through <= 2.4.