7.1
CVE-2025-23977 - WordPress Post Carousel Slider plugin <= 2.0.1 - CSRF to Stored XSS vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in Bhaskar Dhote Post Carousel Slider post-carousel-slider allows Stored XSS.This issue affects Post Carousel Slider: from n/a through <= 2.0.1.
7.1
CVE-2025-23976 - WordPress Issuu Panel plugin <= 2.1.1 - CSRF to Stored Cross Site Scripting (XSS) vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in operationsissuu Issuu Panel issuu-panel allows Stored XSS.This issue affects Issuu Panel: from n/a through <= 2.1.1.
6.5
CVE-2025-22757 - WordPress CodeBard Help Desk plugin <= 1.1.2 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CodeBard CodeBard Help Desk codebard-help-desk allows Stored XSS.This issue affects CodeBard Help Desk: from n/a through <= 1.1.2.
5.8
CVE-2025-22720 - WordPress WpRently | WordPress plugin plugin <= 2.2.1 - Broken Access Control vulnerability
Missing Authorization vulnerability in magepeopleteam Booking and Rental Manager booking-and-rental-manager-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Booking and Rental Manager: from n/a through <= 2.2.1.
7.1
CVE-2025-22564 - WordPress Pretty Url Plugin <= 1.5.4 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in faaiq Pretty Url pretty-url allows Reflected XSS.This issue affects Pretty Url: from n/a through <= 1.5.4.
7.1
CVE-2025-22341 - WordPress Hide Login+ plugin <= 3.5.1 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in parswp Hide Login+ hide-login allows Reflected XSS.This issue affects Hide Login+: from n/a through <= 3.5.1.
7.1
CVE-2025-22332 - WordPress CloudFlare(R) Cache Purge plugin <= 1.2 - Reflected Cross Site Scripting (XSS) vulnerabilβ¦
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in shanaver CloudFlare(R) Cache Purge cloudflare-cache-purge allows Reflected XSS.This issue affects CloudFlare(R) Cache Purge: from n/a through <= 1.2.
6.5
CVE-2025-22265 - WordPress EMI Calculator plugin <= 1.1 - Settings Change vulnerability
Missing Authorization vulnerability in mgplugin EMI Calculator emi-calculator allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects EMI Calculator: from n/a through <= 1.1.
5.4
CVE-2024-44055 - WordPress Oshine Modules plugin < 3.3.6 - Unauthenticated Server Side Request Forgery (SSRF) vulnerβ¦
Server-Side Request Forgery (SSRF) vulnerability in brandexponents Oshine Modules oshine-modules.This issue affects Oshine Modules: from n/a through < 3.3.8.
6.4
CVE-2024-13566 - WP DataTable <= 0.2.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via id Parameter
The WP DataTable plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the βidβ parameter in all versions up to, and including, 0.2.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and aboβ¦