7.1
CVE-2025-26868 - WordPress Fast Flow plugin <= 1.2.16 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in fastflow Fast Flow fast-flow-dashboard allows Reflected XSS.This issue affects Fast Flow: from n/a through <= 1.2.16.
7.5
CVE-2025-26753 - WordPress VideoWhisper Live Streaming Integration plugin <= 6.2 - Arbitrary File Download vulnerabiβ¦
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in videowhisper Broadcast Live Video videowhisper-live-streaming-integration allows Path Traversal.This issue affects Broadcast Live Video: from n/a through <= 6.2.
8.6
CVE-2025-26752 - WordPress VideoWhisper Live Streaming Integration plugin <= 6.2 - Arbitrary File Deletion vulnerabiβ¦
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in videowhisper Broadcast Live Video videowhisper-live-streaming-integration allows Path Traversal.This issue affects Broadcast Live Video: from n/a through <= 6.2.
7.1
CVE-2025-26751 - WordPress Alphabetic Pagination Plugin <= 3.2.1 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Fahad Mahmood Alphabetic Pagination alphabetic-pagination allows Reflected XSS.This issue affects Alphabetic Pagination: from n/a through <= 3.2.1.
6.5
CVE-2024-54444 - WordPress Elementor plugin <= 3.25.10 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Elementor Elementor Website Builder elementor allows Stored XSS.This issue affects Elementor Website Builder: from n/a through <= 3.25.10.
5.4
CVE-2025-27000 - WordPress Simple Photo Feed Plugin <= 1.4.0 - Broken Access Control vulnerability
Missing Authorization vulnerability in George Pattichis Simple Photo Feed simple-photo-feed allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Simple Photo Feed: from n/a through <= 1.4.0.
7.1
CVE-2025-26987 - WordPress Frontend Admin by DynamiApps plugin <= 3.25.17 - Reflected Cross Site Scripting (XSS) vulβ¦
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Shabti Kaplan Frontend Admin by DynamiApps acf-frontend-form-element allows Reflected XSS.This issue affects Frontend Admin by DynamiApps: from n/a through <= 3.25.17.
8.1
CVE-2025-26985 - WordPress Majestic Support plugin <= 1.0.6 - Local File Inclusion vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Majestic Support Majestic Support majestic-support allows PHP Local File Inclusion.This issue affects Majestic Support: from n/a through <= 1.0.6.
2.3
CVE-2024-51539 -
The Dell Secure Connect Gateway (SCG) Application and Appliance, versions prior to 5.28, contains a SQL injection vulnerability due to improper neutralization of special elements used in an SQL command. This vulnerability can only be exploited locally on the affected system. A high-privilege attackβ¦
5.3
CVE-2025-1262 - Advanced Google reCaptcha <= 1.27 - Built-in Math CAPTCHA Bypass
The Advanced Google reCaptcha plugin for WordPress is vulnerable to CAPTCHA Bypass in versions up to, and including, 1.27 . This makes it possible for unauthenticated attackers to bypass the Built-in Math Captcha Verification.