4.3
CVE-2025-23955 - WordPress Xola plugin <= 1.6 - Broken Access Control vulnerability
Missing Authorization vulnerability in xola Xola xola-bookings-for-tours-activities allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Xola: from n/a through <= 1.6.
5.4
CVE-2025-23963 - WordPress Mark Posts plugin <= 2.2.4 - Broken Access Control vulnerability
Missing Authorization vulnerability in flymke Mark Posts mark-posts allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Mark Posts: from n/a through <= 2.2.4.
4.3
CVE-2025-23962 - WordPress Goldstar plugin <= 2.1.1 - Broken Access Control vulnerability
Missing Authorization vulnerability in jjtrabucco Goldstar goldstar allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Goldstar: from n/a through <= 2.1.1.
4.3
CVE-2025-23954 - WordPress Salvador โ AI Image Generator plugin <= 1.0.11 - Broken Access Control vulnerability
Missing Authorization vulnerability in awcode Salvador โ AI Image Generator salvador-ai-image-generator allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Salvador โ AI Image Generator: from n/a through <= 1.0.11.
6.5
CVE-2025-23939 - WordPress Image Switcher plugin <= 1.1 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in KHAN-IT Image Switcher image-switcher allows Stored XSS.This issue affects Image Switcher: from n/a through <= 1.1.
6.5
CVE-2025-23950 - WordPress EZPlayer plugin <= 1.0.10 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ezmarketing EZPlayer ezplayer allows Stored XSS.This issue affects EZPlayer: from n/a through <= 1.0.10.
6.5
CVE-2025-23943 - WordPress PDF.js Shortcode plugin <= 1.0 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in aruvi PDF.js Shortcode pdfjs-shortcode allows Stored XSS.This issue affects PDF.js Shortcode: from n/a through <= 1.0.
6.5
CVE-2025-23946 - WordPress Enhanced YouTube Shortcode plugin <= 2.0.1 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Le-Pixel-Solitaire Enhanced YouTube Shortcode enhanced-youtube-shortcode allows Stored XSS.This issue affects Enhanced YouTube Shortcode: from n/a through <= 2.0.1.
6.5
CVE-2025-23941 - WordPress MeinTurnierplan.de Widget Viewer plugin <= 1.1 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in meinturnierplan MeinTurnierplan.de Widget Viewer meinturnierplande-widget-viewer allows Stored XSS.This issue affects MeinTurnierplan.de Widget Viewer: from n/a through <= 1.1.
6.5
CVE-2025-23951 - WordPress Gallery: Hybrid โ Advanced Visual Gallery plugin <= 1.4.0.2 - Cross Site Scripting (XSS) โฆ
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in DIVENGINE Gallery: Hybrid โ Advanced Visual Gallery hybrid-gallery allows Stored XSS.This issue affects Gallery: Hybrid โ Advanced Visual Gallery: from n/a through <= 1.4.0.2.