7.1
CVE-2025-23848 - WordPress Hotspots Analytics plugin <= 4.0.12 - CSRF to Stored XSS vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in dpowney Hotspots Analytics hotspots allows Stored XSS.This issue affects Hotspots Analytics: from n/a through <= 4.0.12.
7.1
CVE-2025-23842 - WordPress WordPress Gallery Plugin plugin <= 1.4 - CSRF to Stored XSS vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in Nilesh Shiragave WordPress Gallery Plugin wordpress-gallery-plugin allows Cross Site Request Forgery.This issue affects WordPress Gallery Plugin: from n/a through <= 1.4.
6.5
CVE-2025-23830 - WordPress JB Horizontal Scroller News Ticker plugin <= 1.0 - Cross Site Scripting (XSS) vulnerabiliβ¦
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in jobair JB Horizontal Scroller News Ticker jb-horizontal-scroller-news-ticker allows DOM-Based XSS.This issue affects JB Horizontal Scroller News Ticker: from n/a through <= 1.0.
6.5
CVE-2025-23841 - WordPress Top Flash Embed plugin <= 0.3.4 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in foo123 Top Flash Embed top-flash-embed allows Stored XSS.This issue affects Top Flash Embed: from n/a through <= 0.3.4.
7.1
CVE-2025-23844 - WordPress Custom Widget Classes plugin <= 1.1 - CSRF to Stored XSS vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in Jamsheer K Custom Widget Classes custom-widget-classes allows Cross Site Request Forgery.This issue affects Custom Widget Classes: from n/a through <= 1.1.
6.5
CVE-2025-23831 - WordPress QR Code Generator plugin <= 1.2.6 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in mobstac QR Code Generator qrcode-wprhe allows DOM-Based XSS.This issue affects QR Code Generator: from n/a through <= 1.2.6.
7.1
CVE-2025-23828 - WordPress WordPress Data Guard [Website Security] plugin <= 8 - CSRF to Stored XSS vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in sindhi WordPress Data Guard wordpress-data-guards allows Stored XSS.This issue affects WordPress Data Guard: from n/a through <= 8.
7.1
CVE-2025-23826 - WordPress Stop Comment Spam plugin <= 0.5.3 - CSRF to Stored XSS vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in pedjas Stop Comment Spam stop-comment-spam allows Stored XSS.This issue affects Stop Comment Spam: from n/a through <= 0.5.3.
6.5
CVE-2025-23824 - WordPress FontAwesome.io ShortCodes plugin <= 1.0 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Alexander Weleczka FontAwesome.io ShortCodes fontawesomeio-shortcodes allows Stored XSS.This issue affects FontAwesome.io ShortCodes: from n/a through <= 1.0.
6.5
CVE-2025-23833 - WordPress Links/Problem Reporter plugin <= 2.6.0 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in RaminMT Links/Problem Reporter report-broken-links allows DOM-Based XSS.This issue affects Links/Problem Reporter: from n/a through <= 2.6.0.