6.5
CVE-2025-28929 - WordPress Tabbed Login Widget plugin <= 1.1.2 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Vivek Marakana Tabbed Login Widget tabbed-login allows Stored XSS.This issue affects Tabbed Login Widget: from n/a through <= 1.1.2.
4.3
CVE-2025-28927 - WordPress Display Template Name plugin <= 1.7.1 - Cross Site Request Forgery (CSRF) vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in A. Chappard Display Template Name display-template-name allows Cross Site Request Forgery.This issue affects Display Template Name: from n/a through <= 1.7.1.
5.9
CVE-2025-28926 - WordPress Post Read Time plugin <= 1.2.6 - Stored Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in popeating Post Read Time post-read-time allows Stored XSS.This issue affects Post Read Time: from n/a through <= 1.2.6.
7.1
CVE-2025-28925 - WordPress WATI Chat and Notification plugin <= 1.1.2 - CSRF to Stored Cross Site Scripting (XSS) vโฆ
Cross-Site Request Forgery (CSRF) vulnerability in Hieu Nguyen WATI Chat and Notification wati-chat-and-notification allows Stored XSS.This issue affects WATI Chat and Notification: from n/a through <= 1.1.2.
7.1
CVE-2025-28923 - WordPress No Disposable Email plugin <= 2.5.1 - CSRF to Stored XSS vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in philippe No Disposable Email no-disposable-email allows Stored XSS.This issue affects No Disposable Email: from n/a through <= 2.5.1.
7.1
CVE-2025-28922 - WordPress Go To Top plugin <= 0.0.8 - CSRF to Stored XSS vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in Terence D. Go To Top go-to-top allows Stored XSS.This issue affects Go To Top: from n/a through <= 0.0.8.
5.3
CVE-2025-28920 - WordPress Responsive Google Map plugin <= 3.1.5 - Broken Access Control vulnerability
Missing Authorization vulnerability in Jogesh Responsive Google Map responsive-google-map allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Responsive Google Map: from n/a through <= 3.1.5.
6.5
CVE-2025-28919 - WordPress Easy Image Display plugin <= 1.2.5 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Shellbot Easy Image Display easy-image-display allows Stored XSS.This issue affects Easy Image Display: from n/a through <= 1.2.5.
6.5
CVE-2025-28918 - WordPress Featured Image Thumbnail Grid plugin <= 6.8 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in A. Jones Featured Image Thumbnail Grid thumbnail-grid allows Stored XSS.This issue affects Featured Image Thumbnail Grid: from n/a through <= 6.8.
9.1
CVE-2025-28915 - WordPress ThemeEgg ToolKit plugin <= 1.2.9 - Arbitrary File Upload vulnerability
Unrestricted Upload of File with Dangerous Type vulnerability in Theme Egg ThemeEgg ToolKit themeegg-toolkit allows Upload a Web Shell to a Web Server.This issue affects ThemeEgg ToolKit: from n/a through <= 1.2.9.