7.1
CVE-2025-30602 - WordPress Related Posts via Categories plugin <= 2.1.2 - CSRF to Stored XSS vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in alphasis Related Posts via Categories related-posts-via-categories allows Stored XSS.This issue affects Related Posts via Categories: from n/a through <= 2.1.2.
4.3
CVE-2025-30601 - WordPress Flipdish Ordering System plugin <= 1.5.2 - Cross Site Request Forgery (CSRF) to Settings โฆ
Cross-Site Request Forgery (CSRF) vulnerability in flipdish Flipdish Ordering System flipdish-ordering-system allows Cross Site Request Forgery.This issue affects Flipdish Ordering System: from n/a through <= 1.5.2.
5.9
CVE-2025-30600 - WordPress WP Hotjar plugin <= 0.0.3 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in thiagogsrwp WP Hotjar wp-hotjar allows Stored XSS.This issue affects WP Hotjar: from n/a through <= 0.0.3.
5.9
CVE-2025-30599 - WordPress WP Parallax Content Slider plugin <= 0.9.8 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wp-maverick WP Parallax Content Slider wp-parallax-content-slider allows Stored XSS.This issue affects WP Parallax Content Slider: from n/a through <= 0.9.8.
4.3
CVE-2025-30598 - WordPress OSS Upload plugin <= 4.8.9 Cross Site Request Forgery (CSRF) Vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in Link OSS Upload oss-upload allows Cross Site Request Forgery.This issue affects OSS Upload: from n/a through <= 4.8.9.
6.5
CVE-2025-30597 - WordPress IG Shortcodes plugin <= 3.1 Cross Site Scripting (XSS) Vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in iografica IG Shortcodes ig-shortcodes allows DOM-Based XSS.This issue affects IG Shortcodes: from n/a through <= 3.1.
6.5
CVE-2025-30595 - WordPress include-file plugin <= 1 Cross Site Scripting (XSS) Vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in tstafford include-file include-file allows Stored XSS.This issue affects include-file: from n/a through <= 1.
6.5
CVE-2025-30593 - WordPress Include URL plugin <= 0.3.5 Cross Site Scripting (XSS) Vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in samsk Include URL include-url allows Stored XSS.This issue affects Include URL: from n/a through <= 0.3.5.
5.3
CVE-2025-30592 - WordPress Advanced Dewplayer - plugin <= 1.6 Broken Access Control Vulnerability
Missing Authorization vulnerability in WesternDeal Advanced Dewplayer advanced-dewplayer allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Advanced Dewplayer: from n/a through <= 1.6.
5.3
CVE-2025-30591 - WordPress Music Press Pro plugin <= 1.4.6 Broken Access Control Vulnerability
Missing Authorization vulnerability in tuyennv Music Press Pro music-press-pro allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Music Press Pro: from n/a through <= 1.4.6.