5.9
CVE-2025-28943 - WordPress DP ALTerminator - Missing ALT manager Plugin <= 1.0.2 - Cross Site Scripting (XSS) vulnerβ¦
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in mylo2h2s DP ALTerminator - Missing ALT manager dp-alterminator-missing-alt-manager allows Stored XSS.This issue affects DP ALTerminator - Missing ALT manager: from n/a through <= 1.0.2.
4.3
CVE-2025-28941 - WordPress SPAM-BYBYE Plugin <= 2.2.4 - Cross Site Request Forgery (CSRF) vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in ohtan Spam Byebye spam-byebye allows Cross Site Request Forgery.This issue affects Spam Byebye: from n/a through <= 2.2.4.
4.3
CVE-2025-28940 - WordPress Back To Top Plugin <= 2.0 - Cross Site Request Forgery (CSRF) vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in arkapravamajumder Back To Top backtotop allows Cross Site Request Forgery.This issue affects Back To Top: from n/a through <= 2.0.
4.3
CVE-2025-28938 - WordPress WP Performance Pack plugin <= 2.5.3 - Broken Access Control vulnerability
Missing Authorization vulnerability in Bjoern WP Performance Pack wp-performance-pack allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Performance Pack: from n/a through <= 2.5.3.
5.9
CVE-2025-28937 - WordPress Lava Ajax Search plugin <= 1.1.9 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in lavacode Lava Ajax Search lava-ajax-search allows Stored XSS.This issue affects Lava Ajax Search: from n/a through <= 1.1.9.
5.9
CVE-2025-28936 - WordPress Lunar plugin <= 1.3.0 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in sakurapixel Lunar lunar-sell-photos-online allows Stored XSS.This issue affects Lunar: from n/a through <= 1.3.0.
7.1
CVE-2025-28933 - WordPress MaxA/B plugin <= 2.2.2 - CSRF to Stored XSS vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in maxfoundry MaxA/B maxab allows Stored XSS.This issue affects MaxA/B: from n/a through <= 2.2.2.
7.1
CVE-2025-28932 - WordPress Insert Code plugin <= 2.4 - CSRF to Stored XSS vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in BCS Website Solutions Insert Code insert-code allows Stored XSS.This issue affects Insert Code: from n/a through <= 2.4.
7.1
CVE-2025-28931 - WordPress WordPress Hashtags plugin <= 0.3.2 - CSRF to Stored XSS vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in DevriX Hashtags wp-hashtags allows Stored XSS.This issue affects Hashtags: from n/a through <= 0.3.2.
6.5
CVE-2025-28930 - WordPress List Mixcloud plugin <= 1.4 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Rodolphe MOULIN List Mixcloud list-mixcloud allows Stored XSS.This issue affects List Mixcloud: from n/a through <= 1.4.