4.3
CVE-2025-24691 - WordPress People Lists plugin <= 1.3.10 - Broken Access Control vulnerability
Missing Authorization vulnerability in ctltwp People Lists people-lists allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects People Lists: from n/a through <= 1.3.10.
4.3
CVE-2025-24693 - WordPress Advanced Notifications plugin <= 1.2.7 - Broken Access Control vulnerability
Missing Authorization vulnerability in Yehi Advanced Notifications advanced-notifications allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Advanced Notifications: from n/a through <= 1.2.7.
5.9
CVE-2025-24681 - WordPress Product Carousel Slider & Grid Ultimate for WooCommerce Plugin <= 1.10.0 - Cross Site Scβ¦
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wpWax Product Carousel Slider & Grid Ultimate for WooCommerce woo-product-carousel-slider-and-grid-ultimate allows Stored XSS.This issue affects Product Carousel Slider & Grid Ultimate for WooCommeβ¦
6.5
CVE-2025-24678 - WordPress Listamester Plugin <= 2.3.4 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in listamester Listamester listamester allows Stored XSS.This issue affects Listamester: from n/a through <= 2.3.4.
4.3
CVE-2025-24682 - WordPress Super Block Slider plugin <= 2.7.9 - Broken Access Control vulnerability
Missing Authorization vulnerability in Michael Super Block Slider super-block-slider allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Super Block Slider: from n/a through <= 2.7.9.
6.5
CVE-2025-24687 - WordPress Show/Hide Shortcode plugin <= 1.0.0 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Lars Wallenborn Show/Hide Shortcode showhide-shortcode allows Stored XSS.This issue affects Show/Hide Shortcode: from n/a through <= 1.0.0.
6.5
CVE-2025-24702 - WordPress Xagio SEO plugin <= 7.0.0.20 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Xagio SEO Xagio SEO xagio-seo allows Stored XSS.This issue affects Xagio SEO: from n/a through <= 7.0.0.20.
6.5
CVE-2025-24675 - WordPress WP Visitor Statistics (Real Time Traffic) plugin <= 7.2 - Cross Site Scripting (XSS) vulnβ¦
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in osama.esh WP Visitor Statistics (Real Time Traffic) wp-stats-manager allows Stored XSS.This issue affects WP Visitor Statistics (Real Time Traffic): from n/a through <= 7.2.
5.9
CVE-2025-24666 - WordPress Hyve Lite plugin <= 1.2.2 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Themeisle AI Chatbot for WordPress β Hyve Lite hyve-lite allows Stored XSS.This issue affects AI Chatbot for WordPress β Hyve Lite: from n/a through <= 1.2.2.
4.3
CVE-2025-24679 - WordPress Internal Links Manager plugin <= 2.5.2 - Broken Access Control vulnerability
Missing Authorization vulnerability in webraketen Internal Links Manager seo-automated-link-building allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Internal Links Manager: from n/a through <= 2.5.2.