6.5
CVE-2025-25096 - WordPress RSS in Page plugin <= 2.9.1 - Stored Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in titusbicknell RSS in Page rss-in-page allows Stored XSS.This issue affects RSS in Page: from n/a through <= 2.9.1.
6.5
CVE-2025-25085 - WordPress WP SimpleWeather plugin <= 0.2.5 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in matt_mcbrien WP SimpleWeather wp-simpleweather allows Stored XSS.This issue affects WP SimpleWeather: from n/a through <= 0.2.5.
7.1
CVE-2025-25071 - WordPress Vignette Ads plugin <= 0.2 - CSRF to Stored XSS vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in topplugins Vignette Ads vignete-ads allows Stored XSS.This issue affects Vignette Ads: from n/a through <= 0.2.
6.5
CVE-2025-25094 - WordPress Breaking News Ticker plugin <= 2.4.4 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Amitythemes.com Breaking News Ticker breaking-news-ticker allows Stored XSS.This issue affects Breaking News Ticker: from n/a through <= 2.4.4.
6.5
CVE-2025-25080 - WordPress Kona Gallery Block plugin <= 1.7 - Stored Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in gubbigubbi Kona Gallery Block kona-instagram-feed-for-gutenberg allows Stored XSS.This issue affects Kona Gallery Block: from n/a through <= 1.7.
6.5
CVE-2025-25077 - WordPress Easy Chart Builder for WordPress plugin <= 1.3 - Stored Cross Site Scripting (XSS) vulnerβ¦
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in dugbug Easy Chart Builder for WordPress easy-chart-builder allows Stored XSS.This issue affects Easy Chart Builder for WordPress: from n/a through <= 1.3.
7.1
CVE-2025-25075 - WordPress Show notice or message on admin area plugin <= 2.0 - CSRF to Stored XSS vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in Venugopal Show notice or message on admin area show-notice-or-message-on-admin-area allows Stored XSS.This issue affects Show notice or message on admin area: from n/a through <= 2.0.
6.5
CVE-2025-25078 - WordPress Google Earth Embed plugin <= 1.0 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Andrew Norcross Google Earth Embed google-earth-tours allows Stored XSS.This issue affects Google Earth Embed: from n/a through <= 1.0.
7.1
CVE-2025-25074 - WordPress WP Social Stream plugin <= 1.1 - CSRF to Stored XSS vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in Nirmal Kumar Ram WP Social Stream wp-social-stream allows Stored XSS.This issue affects WP Social Stream: from n/a through <= 1.1.
6.5
CVE-2025-25079 - WordPress Simple Select All Text Box plugin <= 3.2 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Garrett Grimm Simple Select All Text Box simple-select-all-text-box allows Stored XSS.This issue affects Simple Select All Text Box: from n/a through <= 3.2.