5.4
CVE-2025-23919 - WordPress Slides & Presentations Plugin <= 0.0.39 - Content Injection vulnerability
Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in Ella Van Durpe Slides & Presentations slide allows Code Injection.This issue affects Slides & Presentations: from n/a through <= 0.0.39.
8.5
CVE-2025-23912 - WordPress WordPress Custom Sidebar Plugin <= 2.3 - SQL Injection vulnerability
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Philipp Speck WordPress Custom Sidebar wordpress-custom-sidebar allows Blind SQL Injection.This issue affects WordPress Custom Sidebar: from n/a through <= 2.3.
7.1
CVE-2025-23901 - WordPress GravatarLocalCache plugin <= 1.1.2 - CSRF to Stored XSS vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in cybio GravatarLocalCache gravatarlocalcache allows Cross Site Request Forgery.This issue affects GravatarLocalCache: from n/a through <= 1.1.2.
8.5
CVE-2025-23913 - WordPress Google Map Professional Plugin <= 1.0 - SQL Injection vulnerability
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in pankajpragma WordPress Google Map Professional google-map-professional allows SQL Injection.This issue affects WordPress Google Map Professional: from n/a through <= 1.0.
8.5
CVE-2025-23911 - WordPress Solidres β Hotel booking plugin for WordPress Plugin <= 0.9.4 - SQL Injection vulnerabiliβ¦
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in solidres Solidres β Hotel booking plugin solidres allows SQL Injection.This issue affects Solidres β Hotel booking plugin: from n/a through <= 0.9.4.
6.5
CVE-2025-23909 - WordPress Compare Ninja plugin <= 2.1.0 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Common Ninja Compare Ninja compare-ninja-comparison-tables allows Stored XSS.This issue affects Compare Ninja: from n/a through <= 2.1.0.
6.5
CVE-2025-23908 - WordPress Pastebin plugin <= 1.5 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Rami Yushuvaev Pastebin pastebin-embed allows Stored XSS.This issue affects Pastebin: from n/a through <= 1.5.
7.1
CVE-2025-23900 - WordPress Genki Announcement plugin <= 1.4.1 - CSRF to Stored XSS vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in genkisan Genki Announcement genki-announcement allows Cross Site Request Forgery.This issue affects Genki Announcement: from n/a through <= 1.4.1.
7.1
CVE-2025-23902 - WordPress Error Notification plugin <= 0.2.7 - CSRF to Stored XSS vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in Taras Dashkevych Error Notification error-notification allows Cross Site Request Forgery.This issue affects Error Notification: from n/a through <= 0.2.7.
6.5
CVE-2025-23899 - WordPress Bookalet plugin <= 1.0.3 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Bookalet Bookalet bookalet allows Stored XSS.This issue affects Bookalet: from n/a through <= 1.0.3.