7.6
CVE-2025-22693 - WordPress Contest Gallery plugin <= 25.1.0 - SQL Injection vulnerability
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Wasiliy Strecker / ContestGallery developer Contest Gallery contest-gallery allows SQL Injection.This issue affects Contest Gallery: from n/a through <= 25.1.0.
7.6
CVE-2025-22691 - WordPress WP Travel plugin <= 10.1.3 - SQL Injection vulnerability
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WP Travel WP Travel wp-travel allows SQL Injection.This issue affects WP Travel: from n/a through <= 10.1.3.
7.1
CVE-2025-22690 - WordPress DigiTimber cPanel Integration plugin <= 1.4.6 - CSRF to Stored XSS vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in DigiTimber DigiTimber cPanel Integration digitimber-cpanel-integration allows Stored XSS.This issue affects DigiTimber cPanel Integration: from n/a through <= 1.4.6.
7.1
CVE-2025-22688 - WordPress Unlimited Page Sidebars plugin <= 0.2.6 - CSRF to Stored XSS vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in Ederson Peka Unlimited Page Sidebars unlimited-page-sidebars allows Stored XSS.This issue affects Unlimited Page Sidebars: from n/a through <= 0.2.6.
5.3
CVE-2025-22686 - WordPress CF7 Google Sheets Connector plugin <= 5.0.17 - Broken Access Control vulnerability
Missing Authorization vulnerability in WesternDeal CF7 Google Sheets Connector cf7-google-sheets-connector allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects CF7 Google Sheets Connector: from n/a through <= 5.0.17.
7.1
CVE-2025-22685 - WordPress Tags to Keywords plugin <= 1.0.1 - CSRF to Stored XSS vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in CheGevara29 Tags to Keywords tags-to-meta-keywords allows Stored XSS.This issue affects Tags to Keywords: from n/a through <= 1.0.1.
7.1
CVE-2025-22684 - WordPress WP BASE Booking plugin <= 5.0.0 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Hakan Ozevin WP BASE Booking wp-base-booking-of-appointments-services-and-events allows Stored XSS.This issue affects WP BASE Booking: from n/a through <= 5.0.0.
6.5
CVE-2025-22683 - WordPress NotificationX plugin <= 2.9.5 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPDeveloper NotificationX notificationx allows Stored XSS.This issue affects NotificationX: from n/a through <= 2.9.5.
7.1
CVE-2025-22682 - WordPress Hesabfa Accounting Plugin <= 2.1.2 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Saeed Sattar Beglou Hesabfa Accounting hesabfa-accounting allows Reflected XSS.This issue affects Hesabfa Accounting: from n/a through <= 2.1.2.
4.3
CVE-2025-22681 - WordPress Content Cloner plugin <= 1.0.1 - Broken Access Control vulnerability
Missing Authorization vulnerability in Xfinitysoft Content Cloner super-seo-content-cloner allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Content Cloner: from n/a through <= 1.0.1.