6.5
CVE-2025-23924 - WordPress WP Photo Sphere plugin <= 3.8 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Jeremy WP Photo Sphere wp-photo-sphere allows Stored XSS.This issue affects WP Photo Sphere: from n/a through <= 3.8.
6.5
CVE-2025-23935 - WordPress Magic Google Maps plugin <= 1.0.4 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Fengler Magic Google Maps magic-google-maps allows Stored XSS.This issue affects Magic Google Maps: from n/a through <= 1.0.4.
6.5
CVE-2025-23933 - WordPress WpF Ultimate Carousel plugin <= 1.0.11 - Stored Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wpfreeware WpF Ultimate Carousel wpf-ultimate-carousel allows Stored XSS.This issue affects WpF Ultimate Carousel: from n/a through <= 1.0.11.
4.3
CVE-2025-23930 - WordPress PayPal Marketing Solutions plugin <= 1.2 - Broken Access Control vulnerability
Missing Authorization vulnerability in paypalmuse PayPal Marketing Solutions paypal-promotions-and-insights allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects PayPal Marketing Solutions: from n/a through <= 1.2.
5.4
CVE-2025-23917 - WordPress Chamber Dashboard Business Directory Plugin <= 3.3.10 - Broken Access Control vulnerabiliβ¦
Missing Authorization vulnerability in Chandrika Guntur, Morgan Kay Chamber Dashboard Business Directory chamber-dashboard-business-directory allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Chamber Dashboard Business Directory: from n/a through <= 3.3.10.
6.5
CVE-2025-23925 - WordPress Feedburner Optin Form plugin <= 0.2.8 - Stored Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in jp2112 Feedburner Optin Form feedburner-optin-form allows Stored XSS.This issue affects Feedburner Optin Form: from n/a through <= 0.2.8.
6.5
CVE-2025-23936 - WordPress CC Circle Progress Bar plugin <= 1.0.0 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Harun R. Rayhan(thecrazycoder) CC Circle Progress Bar cc-circle-progress-bar allows Stored XSS.This issue affects CC Circle Progress Bar: from n/a through <= 1.0.0.
6.5
CVE-2025-23927 - WordPress Incredible Font Awesome plugin <= 1.0 - Stored Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in massimo.serpilli Incredible Font Awesome incredible-font-awesome allows Stored XSS.This issue affects Incredible Font Awesome: from n/a through <= 1.0.
4.3
CVE-2025-23929 - WordPress Email Capture & Lead Generation Plugin <= 1.0.2 - Broken Access Control vulnerability
Missing Authorization vulnerability in wishfulthemes Email Capture & Lead Generation email-capture-lead-generation allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Email Capture & Lead Generation: from n/a through <= 1.0.2.
10
CVE-2025-23922 - WordPress iSpring Embedder plugin <= 1.0 - CSRF to Arbitrary File Upload vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in Harsh iSpring Embedder embed-ispring allows Upload a Web Shell to a Web Server.This issue affects iSpring Embedder: from n/a through <= 1.0.