5.9
CVE-2025-23854 - WordPress Shoutcast and Icecast HTML5 Web Radio Player by YesStreaming.com plugin <= 3.3 - Cross Siβ¦
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in yesstreamingdev Shoutcast and Icecast HTML5 Web Radio Player by YesStreaming.com shoutcast-and-icecast-html5-web-radio-player-by-yesstreaming-com allows Stored XSS.This issue affects Shoutcast and β¦
7.1
CVE-2025-23869 - WordPress CJ Custom Content plugin <= 2.0 - CSRF to Cross-Site Scripting vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in shibulijack CJ Custom Content cj-custom-content allows Stored XSS.This issue affects CJ Custom Content: from n/a through <= 2.0.
6.5
CVE-2025-23859 - WordPress Daily Proverb plugin <= 2.0.3 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in jd7777 Daily Proverb daily-proverb allows Stored XSS.This issue affects Daily Proverb: from n/a through <= 2.0.3.
6.5
CVE-2025-23860 - WordPress Charity-thermometer plugin <= 1.1.2 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in crea8xion Charity-thermometer charitydonation-thermometer allows Stored XSS.This issue affects Charity-thermometer: from n/a through <= 1.1.2.
5.3
CVE-2025-23862 - WordPress Contact Form 7 Anti Spambot plugin <= 1.0.1 - Broken Access Control vulnerability
Missing Authorization vulnerability in SzMake Contact Form 7 Anti Spambot contact-form-7-anti-spambot allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Contact Form 7 Anti Spambot: from n/a through <= 1.0.1.
7.1
CVE-2025-23861 - WordPress Debt Calculator plugin <= 1.0.1 - CSRF to Stored XSS vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in Zack Katz Debt Calculator debt-calculator allows Cross Site Request Forgery.This issue affects Debt Calculator: from n/a through <= 1.0.1.
6.5
CVE-2025-23856 - WordPress Simple Vertical Timeline plugin <= 0.1 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Odyno Simple Vertical Timeline simple-vertical-timeline allows DOM-Based XSS.This issue affects Simple Vertical Timeline: from n/a through <= 0.1.
7.1
CVE-2025-23848 - WordPress Hotspots Analytics plugin <= 4.0.12 - CSRF to Stored XSS vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in dpowney Hotspots Analytics hotspots allows Stored XSS.This issue affects Hotspots Analytics: from n/a through <= 4.0.12.
7.1
CVE-2025-23842 - WordPress WordPress Gallery Plugin plugin <= 1.4 - CSRF to Stored XSS vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in Nilesh Shiragave WordPress Gallery Plugin wordpress-gallery-plugin allows Cross Site Request Forgery.This issue affects WordPress Gallery Plugin: from n/a through <= 1.4.
6.5
CVE-2025-23830 - WordPress JB Horizontal Scroller News Ticker plugin <= 1.0 - Cross Site Scripting (XSS) vulnerabiliβ¦
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in jobair JB Horizontal Scroller News Ticker jb-horizontal-scroller-news-ticker allows DOM-Based XSS.This issue affects JB Horizontal Scroller News Ticker: from n/a through <= 1.0.