7.1
CVE-2025-28935 - WordPress Fancybox Plus plugin <= 1.0.1 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in puzich Fancybox Plus fancybox-plus allows Reflected XSS.This issue affects Fancybox Plus: from n/a through <= 1.0.1.
7.1
CVE-2025-28934 - WordPress Simple Post Series plugin <= 2.4.4 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in chaozh Simple Post Series simple-post-series allows Reflected XSS.This issue affects Simple Post Series: from n/a through <= 2.4.4.
7.1
CVE-2025-28928 - WordPress Are you robot google recaptcha for Wordpress plugin <= 2.2 - Reflected Cross Site Scriptiβ¦
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in sureshdsk Are you robot google recaptcha for wordpress are-you-robot-recaptcha allows Reflected XSS.This issue affects Are you robot google recaptcha for wordpress: from n/a through <= 2.2.
7.1
CVE-2025-28924 - WordPress ZenphotoPress plugin <= 1.8 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Simbul ZenphotoPress zenphotopress allows Reflected XSS.This issue affects ZenphotoPress: from n/a through <= 1.8.
7.1
CVE-2025-28921 - WordPress SpatialMatch IDX plugin <= 3.0.9 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in homejunction SpatialMatch IDX spatialmatch-free-lifestyle-search allows Reflected XSS.This issue affects SpatialMatch IDX: from n/a through <= 3.0.9.
7.1
CVE-2025-28917 - WordPress Custom Smilies plugin <= 2.9.2 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in crazyloong Custom Smilies custom-smilies-se allows Stored XSS.This issue affects Custom Smilies: from n/a through <= 2.9.2.
9.8
CVE-2025-28916 - WordPress Docpro plugin <= 2.0.1 - Local File Inclusion vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Rashid Docpro docpro allows PHP Local File Inclusion.This issue affects Docpro: from n/a through <= 2.0.1.
7.1
CVE-2025-28911 - WordPress Gravity 2 PDF plugin <= 3.1.3 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in gravity2pdf Gravity 2 PDF gf2pdf allows Reflected XSS.This issue affects Gravity 2 PDF: from n/a through <= 3.1.3.
7.1
CVE-2025-28903 - WordPress Driving Directions plugin <= 1.4.4 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in hectorgarrofe Driving Directions ddirections allows Reflected XSS.This issue affects Driving Directions: from n/a through <= 1.4.4.
7.1
CVE-2025-28899 - WordPress WP Event Ticketing plugin <= 1.3.4 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in toddhuish WP Event Ticketing wpeventticketing allows Reflected XSS.This issue affects WP Event Ticketing: from n/a through <= 1.3.4.