7.1
CVE-2025-22575 - WordPress SUPER RESPONSIVE SLIDER Plugin <= 1.4 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in extendyourweb SUPER RESPONSIVE SLIDER super-slider allows Reflected XSS.This issue affects SUPER RESPONSIVE SLIDER: from n/a through <= 1.4.
7.1
CVE-2025-22566 - WordPress ULTIMATE VIDEO GALLERY Plugin <= 1.4 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in extendyourweb ULTIMATE VIDEO GALLERY ultimate-gallery allows Reflected XSS.This issue affects ULTIMATE VIDEO GALLERY: from n/a through <= 1.4.
9.8
CVE-2025-22526 - WordPress PHP/MySQL CPU performance statistics Plugin <= 1.2.1 - PHP Object Injection vulnerability
Deserialization of Untrusted Data vulnerability in mywebtonet PHP/MySQL CPU performance statistics mywebtonet-performancestats allows Object Injection.This issue affects PHP/MySQL CPU performance statistics: from n/a through <= 1.2.1.
9.3
CVE-2025-22523 - WordPress Schedule Plugin <= 1.0.0 - SQL Injection vulnerability
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in scheduler Schedule schedule allows Blind SQL Injection.This issue affects Schedule: from n/a through <= 1.0.0.
7.1
CVE-2025-22501 - WordPress Improve My City plugin <= 1.6 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in Improve My City Improve My City improve-my-city allows Reflected XSS.This issue affects Improve My City: from n/a through <= 1.6.
7.1
CVE-2025-22360 - WordPress WP Azure offload plugin <= 2.0 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in promact WP Azure offload wp-azure-offload allows Reflected XSS.This issue affects WP Azure offload: from n/a through <= 2.0.
7.1
CVE-2025-22356 - WordPress Stencies plugin <= 0.58 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Stencies Stencies stencies allows Reflected XSS.This issue affects Stencies: from n/a through <= 0.58.
8.1
CVE-2024-54362 - WordPress GetShop ecommerce plugin <= 1.3 - Path Traversal vulnerability
Path Traversal: '.../...//' vulnerability in boggibill GetShop ecommerce getshop-ecommerce allows Path Traversal.This issue affects GetShop ecommerce: from n/a through <= 1.3.
8.6
CVE-2024-54291 - WordPress PluginPass plugin <= 0.9.10 - Arbitrary File Download/Delete vulnerability
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in labs64 PluginPass pluginpass-pro-plugintheme-licensing allows Manipulating Web Input to File System Calls.This issue affects PluginPass: from n/a through <= 0.9.10.
7.1
CVE-2024-51624 - WordPress Jรก-Jรก Pagamentos for WooCommerce plugin <= 1.3.0 - Reflected Cross Site Scripting (XSS) vโฆ
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in jajapagamentos Jรก-Jรก Pagamentos for WooCommerce wc-ja-ja-pagamentos-multicaixa-express allows Reflected XSS.This issue affects Jรก-Jรก Pagamentos for WooCommerce: from n/a through <= 1.3.0.