7.1
CVE-2025-22794 - WordPress World Cup Predictor Plugin <= 1.9.8 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ianhaycox World Cup Predictor world-cup-predictor allows Reflected XSS.This issue affects World Cup Predictor: from n/a through <= 1.9.8.
6.5
CVE-2025-22730 - WordPress Ksher plugin <= 1.1.2 - Broken Access Control vulnerability
Missing Authorization vulnerability in ksher thailand Ksher ksher-payment allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Ksher: from n/a through <= 1.1.2.
6.5
CVE-2025-22675 - WordPress Alert Box Block plugin <= 1.1.0 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in bPlugins Alert Box Block β Display notice/alerts in the front end alert-box-block allows Stored XSS.This issue affects Alert Box Block β Display notice/alerts in the front end: from n/a through <= β¦
6.5
CVE-2025-22674 - WordPress Product Blocks for WooCommerce plugin <= 1.9.1 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Get Bowtied Product Blocks for WooCommerce product-blocks-for-woocommerce allows Stored XSS.This issue affects Product Blocks for WooCommerce: from n/a through <= 1.9.1.
5.9
CVE-2025-22664 - WordPress Survey Maker Plugin <= 5.1.3.5 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ays Pro Survey Maker survey-maker allows Stored XSS.This issue affects Survey Maker: from n/a through <= 5.1.3.5.
6.5
CVE-2025-22662 - WordPress SendPulse Email Marketing Newsletter plugin <= 2.1.5 - Cross Site Scripting (XSS) vulneraβ¦
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in SendPulse SendPulse Email Marketing Newsletter sendpulse-email-marketing-newsletter allows Stored XSS.This issue affects SendPulse Email Marketing Newsletter: from n/a through <= 2.1.5.
6.5
CVE-2025-22653 - WordPress Music Press Pro plugin <=1.4.6 - Stored Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in tuyennv Music Press Pro music-press-pro allows Stored XSS.This issue affects Music Press Pro: from n/a through <= 1.4.6.
4.3
CVE-2025-22643 - WordPress OnePress theme <= 2.3.11 - Broken Access Control vulnerability
Missing Authorization vulnerability in famethemes OnePress onepress allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects OnePress: from n/a through <= 2.3.11.
6.5
CVE-2025-22642 - WordPress Dynamic Conditions plugin <= 1.7.4 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in rtowebsites Dynamic Conditions dynamicconditions allows Stored XSS.This issue affects Dynamic Conditions: from n/a through <= 1.7.4.
5.9
CVE-2025-22641 - WordPress FM Notification Bar plugin <= 1.0.4 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Prem Tiwari FM Notification Bar fm-notification-bar allows Stored XSS.This issue affects FM Notification Bar: from n/a through <= 1.0.4.