6.5
CVE-2025-24578 - WordPress ElementInvader Addons for Elementor plugin <= 1.3.0 - Cross Site Scripting (XSS) vulnerabβ¦
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Element Invader ElementInvader Addons for Elementor elementinvader-addons-for-elementor allows DOM-Based XSS.This issue affects ElementInvader Addons for Elementor: from n/a through <= 1.3.0.
5.4
CVE-2025-24571 - WordPress WP Fast Total Search plugin <= 1.78.258 - Broken Access Control vulnerability
Missing Authorization vulnerability in Epsiloncool WP Fast Total Search fulltext-search allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Fast Total Search: from n/a through <= 1.78.258.
4.3
CVE-2025-24591 - WordPress GDPR CCPA Compliance & Cookie Consent Banner plugin <= 2.7.1 - Broken Access Control vulnβ¦
Missing Authorization vulnerability in Ninja Team GDPR CCPA Compliance Support ninja-gdpr-compliance allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects GDPR CCPA Compliance Support: from n/a through <= 2.7.1.
5.4
CVE-2025-24546 - WordPress Ultimate Coming Soon & Maintenance plugin <= 1.0.9 - Cross Site Request Forgery (CSRF) vβ¦
Cross-Site Request Forgery (CSRF) vulnerability in RSTheme Ultimate Coming Soon & Maintenance ultimate-coming-soon allows Cross Site Request Forgery.This issue affects Ultimate Coming Soon & Maintenance: from n/a through <= 1.0.9.
5.3
CVE-2025-24582 - WordPress 12 Step Meeting List plugin <= 3.16.5 - Sensitive Data Exposure vulnerability
Insertion of Sensitive Information Into Sent Data vulnerability in AA Web Servant 12 Step Meeting List 12-step-meeting-list allows Retrieve Embedded Sensitive Data.This issue affects 12 Step Meeting List: from n/a through <= 3.16.5.
7.1
CVE-2025-24561 - WordPress ReviewsTap plugin <= 1.1.2 - CSRF to Stored Cross-Site Scripting vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in awcode ReviewsTap reviewstap allows Stored XSS.This issue affects ReviewsTap: from n/a through <= 1.1.2.
6.5
CVE-2025-24580 - WordPress 12 Step Meeting List plugin <= 3.16.5 - Arbitrary Content Deletion vulnerability
Missing Authorization vulnerability in AA Web Servant 12 Step Meeting List 12-step-meeting-list allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects 12 Step Meeting List: from n/a through <= 3.16.5.
6.5
CVE-2025-24575 - WordPress HelloAsso plugin <= 1.1.11 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in HelloAsso HelloAsso helloasso allows Stored XSS.This issue affects HelloAsso: from n/a through <= 1.1.11.
4.3
CVE-2025-24568 - WordPress Starter Templates plugin <= 4.4.9 - Cross Site Request Forgery (CSRF) vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in Brainstorm Force Starter Templates astra-sites allows Cross Site Request Forgery.This issue affects Starter Templates: from n/a through <= 4.4.9.
7.1
CVE-2025-24555 - WordPress Subscription DNA plugin <= 2.1 - CSRF to Stored XSS vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in subscriptiondna Subscription DNA subscriptiondna allows Stored XSS.This issue affects Subscription DNA: from n/a through <= 2.1.