6.5
CVE-2025-23515 - WordPress ts-tree plugin <= 0.1.1 - Arbitrary Content Deletion vulnerability
Missing Authorization vulnerability in tsecher ts-tree ts-tree allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects ts-tree: from n/a through <= 0.1.1.
7.1
CVE-2025-23505 - WordPress Pit Login Welcome plugin <= 1.1.5 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Pantho Bihosh Pit Login Welcome pit-login-welcome allows Reflected XSS.This issue affects Pit Login Welcome: from n/a through <= 1.1.5.
7.1
CVE-2025-23502 - WordPress Curated Search plugin <= 1.2 - CSRF to Stored XSS vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in Ned Curated Search curated-search allows Stored XSS.This issue affects Curated Search: from n/a through <= 1.2.
7.1
CVE-2025-23496 - WordPress WP FPO plugin <= 1.0 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in husani WP FPO wp-fpo allows Reflected XSS.This issue affects WP FPO: from n/a through <= 1.0.
7.1
CVE-2025-23494 - WordPress Quizzin plugin <= 1.01.4 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in binnyva Quizzin quizzin allows Reflected XSS.This issue affects Quizzin: from n/a through <= 1.01.4.
7.1
CVE-2025-23493 - WordPress Google Transliteration plugin <= 1.7.2 - Reflected Cross Site Scripting (XSS) vulnerabiliβ¦
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in moallemi Google Transliteration google-transliteration allows Reflected XSS.This issue affects Google Transliteration: from n/a through <= 1.7.2.
7.1
CVE-2025-23490 - WordPress Browser-Update-Notify plugin <= 0.2.1 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Michael Stursberg Browser-Update-Notify browser-update-notify allows Reflected XSS.This issue affects Browser-Update-Notify: from n/a through <= 0.2.1.
7.1
CVE-2025-23488 - WordPress rng-refresh plugin <= 1.0 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Abolfazl Sabagh rng-refresh rng-refresh allows Reflected XSS.This issue affects rng-refresh: from n/a through <= 1.0.
7.1
CVE-2025-23487 - WordPress Easy Gallery plugin <= 1.4 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in odihost Easy Gallery simple-gallery-odihost allows Reflected XSS.This issue affects Easy Gallery: from n/a through <= 1.4.
7.1
CVE-2025-23485 - WordPress RS Survey plugin <= 1.0 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in richestsoft RS Survey rs-survey allows Reflected XSS.This issue affects RS Survey: from n/a through <= 1.0.