7.1
CVE-2025-24684 - WordPress Media Downloader Plugin <= 0.4.7.5 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ederson Peka Media Downloader media-downloader allows Reflected XSS.This issue affects Media Downloader: from n/a through <= 0.4.7.5.
7.1
CVE-2025-24676 - WordPress Custom WP Store Locator plugin <= 1.4.7 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in umangmetatagg Custom WP Store Locator custom-store-locator allows Reflected XSS.This issue affects Custom WP Store Locator: from n/a through <= 1.4.7.
7.1
CVE-2025-24660 - WordPress Simple Membership Custom Messages Plugin <= 2.4 - Reflected Cross Site Scripting (XSS) vuβ¦
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wp.insider Simple Membership Custom Messages simple-membership-custom-messages allows Reflected XSS.This issue affects Simple Membership Custom Messages: from n/a through <= 2.4.
7.1
CVE-2025-24656 - WordPress Realtyna Provisioning Plugin <= 1.2.2 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Realtyna Realtyna Provisioning realtyna-provisioning allows Reflected XSS.This issue affects Realtyna Provisioning: from n/a through <= 1.2.2.
7.1
CVE-2025-24646 - WordPress XML for Avito Plugin <= 2.5.2 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in icopydoc XML for Avito xml-for-avito allows Reflected XSS.This issue affects XML for Avito: from n/a through <= 2.5.2.
0.0
CVE-2025-24643 - WordPress WPGuppy plugin <= 1.1.0 - Broken Authentication vulnerability
Missing Authorization vulnerability in AmentoTech Private Limited WPGuppy wpguppy-lite allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WPGuppy: from n/a through <= 1.1.0.
6.5
CVE-2025-24642 - WordPress Setup Default Featured Image plugin <= 1.2 - Broken Access Control vulnerability
Missing Authorization vulnerability in theme funda Setup Default Featured Image setup-default-feature-image allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Setup Default Featured Image: from n/a through <= 1.2.
6.5
CVE-2025-24639 - WordPress Korea for WooCommerce plugin <= 1.1.11 - Sensitive Data Exposure vulnerability
Insertion of Sensitive Information Into Sent Data vulnerability in Greys Korea for WooCommerce korea-for-woocommerce allows Retrieve Embedded Sensitive Data.This issue affects Korea for WooCommerce: from n/a through <= 1.1.11.
7.1
CVE-2025-24631 - WordPress BP Email Assign Templates Plugin <= 1.5 - Reflected Cross Site Scripting (XSS) vulnerabilβ¦
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in shanebp BP Email Assign Templates bp-email-assign-templates allows Reflected XSS.This issue affects BP Email Assign Templates: from n/a through <= 1.5.
7.1
CVE-2025-24630 - WordPress Sikshya LMS Plugin <= 0.0.21 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in MantraBrain Sikshya LMS sikshya allows Reflected XSS.This issue affects Sikshya LMS: from n/a through <= 0.0.21.