6.5
CVE-2025-22803 - WordPress Advanced Product Information for WooCommerce plugin <= 1.1.4 - Cross Site Scripting (XSS)β¦
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in VillaTheme Advanced Product Information for WooCommerce woo-advanced-product-information allows Stored XSS.This issue affects Advanced Product Information for WooCommerce: from n/a through <= 1.1.4.
6.5
CVE-2025-22804 - WordPress Author Avatars List/Block plugin <= 2.1.23 - Stored Cross Site Scripting (XSS) vulnerabilβ¦
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Paul Bearne Author Avatars List/Block author-avatars allows Stored XSS.This issue affects Author Avatars List/Block: from n/a through <= 2.1.23.
6.5
CVE-2025-22805 - WordPress Skill Bar Plugin <= 1.2 - Stored Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Themepoints Skill Bar skillbars allows Stored XSS.This issue affects Skill Bar: from n/a through <= 1.2.
6.5
CVE-2025-22806 - WordPress Black Widgets For Elementor plugin <= 1.3.8 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Modernaweb Studio Black Widgets For Elementor black-widgets allows DOM-Based XSS.This issue affects Black Widgets For Elementor: from n/a through <= 1.3.8.
6.5
CVE-2025-22807 - WordPress Responsive Flickr Slideshow Plugin <= 2.6.0 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Robert Responsive Flickr Slideshow mobile-friendly-flickr-slideshow allows Stored XSS.This issue affects Responsive Flickr Slideshow: from n/a through <= 2.6.0.
6.5
CVE-2025-22808 - WordPress Surbma | Premium WP plugin <= 9.0 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Surbma Surbma | Premium WP surbma-premium-wp allows DOM-Based XSS.This issue affects Surbma | Premium WP: from n/a through <= 9.0.
6.5
CVE-2025-22809 - WordPress PDF Catalog Woocommerce plugin <= 2.0 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in theme funda PDF Catalog Woocommerce pdf-catalog-woocommerce allows DOM-Based XSS.This issue affects PDF Catalog Woocommerce: from n/a through <= 2.0.
6.5
CVE-2025-22810 - WordPress Content Blocks Builder plugin <= 2.7.6 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Phi Phan Content Blocks Builder content-blocks-builder allows Stored XSS.This issue affects Content Blocks Builder: from n/a through <= 2.7.6.
6.5
CVE-2025-22811 - WordPress MT Addons for Elementor plugin <= 1.0.6 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Cristian Stan MT Addons for Elementor mt-addons-for-elementor allows Stored XSS.This issue affects MT Addons for Elementor: from n/a through <= 1.0.6.
6.5
CVE-2025-22812 - WordPress News Ticker Widget for Elementor plugin <= 1.3.2 - Cross Site Scripting (XSS) vulnerabiliβ¦
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Aezaz Shaikh News Ticker Widget for Elementor news-ticker-widget-for-elementor allows Stored XSS.This issue affects News Ticker Widget for Elementor: from n/a through <= 1.3.2.