7.1
CVE-2025-23462 - WordPress FWD Slider plugin <= 1.0 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Anil Jailta FWD Slider fwd-slider allows Reflected XSS.This issue affects FWD Slider: from n/a through <= 1.0.
7.1
CVE-2025-23449 - WordPress Simple shortcode buttons plugin <= 1.3.2 - Reflected Cross Site Scripting (XSS) vulnerabiβ¦
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in davidpuc Simple shortcode buttons simple-shortcode-buttons allows Reflected XSS.This issue affects Simple shortcode buttons: from n/a through <= 1.3.2.
7.1
CVE-2025-22772 - WordPress Mapbox for WP Advanced Plugin <= 1.0.0 - Reflected Cross Site Scripting (XSS) vulnerabiliβ¦
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in stephanemartinw Mapbox for WP Advanced mapbox-for-wp-advanced allows Reflected XSS.This issue affects Mapbox for WP Advanced: from n/a through <= 1.0.0.
7.1
CVE-2025-23966 - WordPress a Gateway for Pasargad Bank on WooCommerce Plugin <= 2.5.2 - Cross Site Scripting (XSS) vβ¦
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ala Falaki a Gateway for Pasargad Bank on WooCommerce a-gateway-for-pasargad-bank-on-woocommerce allows Reflected XSS.This issue affects a Gateway for Pasargad Bank on WooCommerce: from n/a throughβ¦
7.1
CVE-2025-23959 - WordPress Good Old Gallery Plugin <= 2.1.2 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Linus Lundahl Good Old Gallery good-old-gallery allows Reflected XSS.This issue affects Good Old Gallery: from n/a through <= 2.1.2.
10
CVE-2025-23953 - WordPress user files plugin <= 2.4.2 - Arbitrary File Upload vulnerability
Unrestricted Upload of File with Dangerous Type vulnerability in Scriptonite user files user-files allows Upload a Web Shell to a Web Server.This issue affects user files: from n/a through <= 2.4.2.
8.1
CVE-2025-23949 - WordPress Improved Sale Badges β Free Version Plugin <= 1.0.1 - Local File Inclusion vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in dzeriho Improved Sale Badges β Free Version improved-sale-badges-free-version allows PHP Local File Inclusion.This issue affects Improved Sale Badges β Free Version: from n/a thrβ¦
8.1
CVE-2025-23948 - WordPress Background animation blocks Plugin <= 2.1.5 - Local File Inclusion vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Webarea Background animation blocks background-animation-blocks allows PHP Local File Inclusion.This issue affects Background animation blocks: from n/a through <= 2.1.5.
8.8
CVE-2025-23944 - WordPress WOOEXIM Plugin <= 5.0.0 - PHP Object Injection vulnerability
Deserialization of Untrusted Data vulnerability in bulktheme WOOEXIM wooexim allows Object Injection.This issue affects WOOEXIM: from n/a through <= 5.0.0.
9.1
CVE-2025-23942 - WordPress WP Load Gallery Plugin <= 2.1.6 - Arbitrary File Upload vulnerability
Unrestricted Upload of File with Dangerous Type vulnerability in ngocuct0912 WP Load Gallery wp-load-gallery allows Upload a Web Shell to a Web Server.This issue affects WP Load Gallery: from n/a through <= 2.1.6.