0.0
CVE-2025-22345 - WordPress TS Comfort DB plugin <= 2.0.7 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in tsinf TS Comfort DB ts-comfort-database allows Reflected XSS.This issue affects TS Comfort DB: from n/a through <= 2.0.7.
0.0
CVE-2025-22361 - WordPress Opentracker Analytics Plugin <= 1.3 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Opentracker Opentracker Analytics opentracker-analytics allows Reflected XSS.This issue affects Opentracker Analytics: from n/a through <= 1.3.
0.0
CVE-2025-22504 - WordPress 4ECPS Web Forms Plugin <= 0.2.18 - Arbitrary File Upload vulnerability
Unrestricted Upload of File with Dangerous Type vulnerability in jumpdemand 4ECPS Web Forms 4ecps-webforms allows Upload a Web Shell to a Web Server.This issue affects 4ECPS Web Forms: from n/a through <= 0.2.18.
0.0
CVE-2025-22505 - WordPress NC Wishlist for Woocommerce Plugin <= 1.0.1 - SQL Injection vulnerability
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Crispweb NC Wishlist for Woocommerce nc-wishlist-for-woocommerce allows SQL Injection.This issue affects NC Wishlist for Woocommerce: from n/a through <= 1.0.1.
0.0
CVE-2025-22508 - WordPress FAT Event Lite plugin <= 1.1 - Unauthenticated Non-Arbitrary Local File Inclusion vulneraβ¦
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in roninwp FAT Event Lite fat-event-lite allows PHP Local File Inclusion.This issue affects FAT Event Lite: from n/a through <= 1.1.
0.0
CVE-2025-22510 - WordPress WC Price History for Omnibus plugin <= 2.1.4 - PHP Object Injection vulnerability
Deserialization of Untrusted Data vulnerability in kkarpieszuk WC Price History for Omnibus wc-price-history allows Object Injection.This issue affects WC Price History for Omnibus: from n/a through <= 2.1.4.
0.0
CVE-2025-22521 - WordPress wp Hosting Performance Check Plugin <= 2.18.8 - Reflected Cross Site Scripting (XSS) vulnβ¦
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Scott Farrell wp Hosting Performance Check wp-hosting-performance-check allows Reflected XSS.This issue affects wp Hosting Performance Check: from n/a through <= 2.18.8.
0.0
CVE-2025-22527 - WordPress Mailing Group Listserv Plugin <= 2.0.9 - SQL Injection vulnerability
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Yamna Khawaja Mailing Group Listserv wp-mailing-group allows SQL Injection.This issue affects Mailing Group Listserv: from n/a through <= 2.0.9.
0.0
CVE-2025-22535 - WordPress WPListCal Plugin <= 1.3.5 - SQL Injection vulnerability
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in jonkern WPListCal wplistcal allows SQL Injection.This issue affects WPListCal: from n/a through <= 1.3.5.
0.0
CVE-2025-22537 - WordPress Google Maps Travel Route Plugin <= 1.3.1 - SQL Injection vulnerability
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in traveller11 Google Maps Travel Route google-maps-travel-route allows SQL Injection.This issue affects Google Maps Travel Route: from n/a through <= 1.3.1.