6.5
CVE-2025-31092 - WordPress Click to Chat β WP Support All-in-One Floating Widget plugin <= 2.3.4 - Cross Site Scriptβ¦
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ninja Team Click to Chat β WP Support All-in-One Floating Widget support-chat allows Stored XSS.This issue affects Click to Chat β WP Support All-in-One Floating Widget: from n/a through <= 2.3.4.
4.8
CVE-2025-2878 - Kentico CMS Additional Database Installation Wizard install.aspx cross site scripting
A vulnerability was found in Kentico CMS up to 13.0.178. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /CMSInstall/install.aspx of the component Additional Database Installation Wizard. The manipulation of the argument new database leadsβ¦
5.9
CVE-2025-31101 - WordPress VaultRE Contact Form 7 plugin <= 1.0 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Vault Group Pty Ltd VaultRE Contact Form 7 allows Stored XSS.This issue affects VaultRE Contact Form 7: from n/a through 1.0.
5.7
CVE-2025-2888 - Improper timestamp caching during snapshot rollback in tough
During a snapshot rollback, the client incorrectly caches the timestamp metadata. If the client checks the cache when attempting to perform the next update, the update timestamp validation will fail, preventing the next update until the cache is cleared. Users should upgrade to tough version 0.20.0β¦
5.7
CVE-2025-2887 - Failure to detect delegated target rollback in tough
During a target rollback, the client fails to detect the rollback for delegated targets. This could cause the client to fetch a target from an incorrect source, altering the target contents. Users should upgrade to tough version 0.20.0 or later and ensure any forked or derivative code is patched toβ¦
5.7
CVE-2025-2886 - Terminating targets role delegations are not respected in tough
Missing validation of terminating delegation causes the client to continue searching the defined delegation list, even after searching a terminating delegation. This could cause the client to fetch a target from an incorrect source, altering the target contents. Users should upgrade to tough versioβ¦
5.7
CVE-2025-2885 - Root metadata version not validated in tough
Missing validation of the root metatdata version number could allow an actor to supply an arbitrary version number to the client instead of the intended version in the root metadata file, altering the version fetched by the client. Users should upgrade to tough version 0.20.0 or later and ensure anβ¦
5.9
CVE-2025-31031 - WordPress Job Colors for WP Job Manager plugin <= 1.0.4 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Astoundify Job Colors for WP Job Manager wp-job-manager-colors allows Stored XSS.This issue affects Job Colors for WP Job Manager: from n/a through <= 1.0.4.
8.2
CVE-2025-26733 - WordPress Traveler theme < 3.2.1 - Broken Access Control vulnerability
Missing Authorization vulnerability in shinetheme Traveler traveler.This issue affects Traveler: from n/a through < 3.2.1.
9
CVE-2025-26873 - WordPress Traveler theme <= 3.1.8 - PHP Object Injection vulnerability
Deserialization of Untrusted Data vulnerability in shinetheme Traveler traveler.This issue affects Traveler: from n/a through < 3.2.1.