6.5
CVE-2025-23613 - WordPress WP Journal plugin <= 1.1 - Broken Access Control vulnerability
Missing Authorization vulnerability in mediabeta WP Journal wpjournal allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Journal: from n/a through <= 1.1.
7.1
CVE-2025-23600 - WordPress Send to a Friend Addon plugin <= 1.4.1 - Reflected Cross Site Scripting (XSS) vulnerabiliβ¦
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in pinal.shah Send to a Friend Addon send-booking-invites-to-friends allows Reflected XSS.This issue affects Send to a Friend Addon: from n/a through <= 1.4.1.
7.1
CVE-2025-23595 - WordPress Page Health-O-Meter plugin <= 2.0 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in brainpulse Page Health-O-Meter page-health-o-meter allows Reflected XSS.This issue affects Page Health-O-Meter: from n/a through <= 2.0.
7.1
CVE-2025-23587 - WordPress all-in-one-box-login plugin <= 2.0.1 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ashek Al Mahmud all-in-one-box-login all-in-one-login allows Reflected XSS.This issue affects all-in-one-box-login: from n/a through <= 2.0.1.
7.1
CVE-2025-23586 - WordPress WP Post Category Notifications plugin <= 1.0 - Reflected Cross Site Scripting (XSS) vulneβ¦
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in MAL73049 WP Post Category Notifications wp-post-category-notifications allows Reflected XSS.This issue affects WP Post Category Notifications: from n/a through <= 1.0.
7.1
CVE-2025-23585 - WordPress Goo.gl Url Shorter plugin <= 1.0.1 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CantonBolo Goo.gl Url Shorter googl-url-shorter allows Reflected XSS.This issue affects Goo.gl Url Shorter: from n/a through <= 1.0.1.
7.1
CVE-2025-23584 - WordPress Pin Locations on Map plugin <= 1.0 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in arsh91 Pin Locations on Map pin-locations-on-map allows Reflected XSS.This issue affects Pin Locations on Map: from n/a through <= 1.0.
6.5
CVE-2025-23579 - WordPress DZS Ajaxer Lite plugin <= 1.04 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in digitalzoomstudio DZS Ajaxer Lite dzs-ajaxer-lite-dynamic-page-load allows Stored XSS.This issue affects DZS Ajaxer Lite: from n/a through <= 1.04.
7.1
CVE-2025-23576 - WordPress WP Intro.JS Plugin plugin <= 1.1 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in cfuze WP Intro.JS wp-intro-js-tours allows Reflected XSS.This issue affects WP Intro.JS: from n/a through <= 1.1.
7.1
CVE-2025-23575 - WordPress DX Sales CRM plugin <= 1.1 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in DevriX DX Sales CRM dx-sales-crm allows Reflected XSS.This issue affects DX Sales CRM: from n/a through <= 1.1.