6.5
CVE-2025-26893 - WordPress Easy Charts plugin <= 1.2.3 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Kiran Potphode Easy Charts easy-charts allows DOM-Based XSS.This issue affects Easy Charts: from n/a through <= 1.2.3.
6.5
CVE-2025-26891 - WordPress Ibtana plugin <= 1.2.5.9 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in VW THEMES Ibtana ibtana-visual-editor allows Stored XSS.This issue affects Ibtana: from n/a through <= 1.2.5.9.
6.5
CVE-2025-26887 - WordPress EZ SQL Reports Shortcode Widget and DB Backup plugin <= 5.21.35 - Cross Site Scripting (Xβ¦
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Eli EZ SQL Reports Shortcode Widget and DB Backup elisqlreports allows Stored XSS.This issue affects EZ SQL Reports Shortcode Widget and DB Backup: from n/a through <= 5.21.35.
6.5
CVE-2025-26884 - WordPress Greenshift plugin <= 10.8 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wpsoul Greenshift greenshift-animation-and-page-builder-blocks allows Stored XSS.This issue affects Greenshift: from n/a through <= 10.8.
6.5
CVE-2025-26882 - WordPress Popup Builder plugin <= 1.1.33 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in GhozyLab Popup Builder easy-notify-lite allows Stored XSS.This issue affects Popup Builder: from n/a through <= 1.1.33.
6.5
CVE-2025-26881 - WordPress Sticky Content plugin <= 1.0.1 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in bPlugins Sticky Content sticky-menu-block allows Stored XSS.This issue affects Sticky Content: from n/a through <= 1.0.1.
6.5
CVE-2025-26878 - WordPress Autoship Cloud for WooCommerce Subscription Products plugin <= 2.8.0.1 - Cross Site Scripβ¦
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in patternsinthecloud Autoship Cloud for WooCommerce Subscription Products autoship-cloud allows DOM-Based XSS.This issue affects Autoship Cloud for WooCommerce Subscription Products: from n/a throughβ¦
6.5
CVE-2025-26877 - WordPress Front End Users Plugin <= 3.2.30 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Rustaurius Front End Users front-end-only-users allows Stored XSS.This issue affects Front End Users: from n/a through <= 3.2.30.
6.8
CVE-2025-26876 - WordPress Search with Typesense Plugin <= 2.0.8 - Path Traversal vulnerability
Path Traversal: '.../...//' vulnerability in CodeManas Search with Typesense search-with-typesense allows Path Traversal.This issue affects Search with Typesense: from n/a through <= 2.0.8.
4.3
CVE-2025-26871 - WordPress Essential Blocks plugin <= 4.8.3 - Broken Access Control vulnerability
Missing Authorization vulnerability in WPDeveloper Essential Blocks for Gutenberg essential-blocks allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Essential Blocks for Gutenberg: from n/a through <= 4.8.3.