5.4
CVE-2025-24720 - WordPress Sticky Buttons Plugin <= 4.1.1 - Cross Site Request Forgery (CSRF) to Settings Change vulβ¦
Cross-Site Request Forgery (CSRF) vulnerability in Wow-Company Sticky Buttons sticky-buttons allows Cross Site Request Forgery.This issue affects Sticky Buttons: from n/a through <= 4.1.1.
4.3
CVE-2025-24696 - WordPress Gutenberg Blocks and Page Layouts Plugin <= 1.9.6 - Cross Site Request Forgery (CSRF) vulβ¦
Cross-Site Request Forgery (CSRF) vulnerability in Shafaet Alam Attire Blocks attire-blocks allows Cross Site Request Forgery.This issue affects Attire Blocks: from n/a through <= 1.9.6.
6.5
CVE-2025-24706 - WordPress MultiVendorX plugin <= 4.2.13 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in MultiVendorX MultiVendorX dc-woocommerce-multi-vendor allows Stored XSS.This issue affects MultiVendorX: from n/a through <= 4.2.13.
6.5
CVE-2025-24709 - WordPress Plethora Plugins Tabs + Accordions plugin <= 1.1.5 - Stored Cross Site Scripting (XSS) vuβ¦
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Plethora Plugins Plethora Plugins Tabs + Accordions plethora-tabs-accordions allows Stored XSS.This issue affects Plethora Plugins Tabs + Accordions: from n/a through <= 1.1.5.
5.4
CVE-2025-24712 - WordPress Radius Blocks β WordPress Gutenberg Blocks Plugin <= 2.1.2 - Cross Site Request Forgery (β¦
Cross-Site Request Forgery (CSRF) vulnerability in RadiusTheme Radius Blocks radius-blocks allows Cross Site Request Forgery.This issue affects Radius Blocks: from n/a through <= 2.1.2.
4.3
CVE-2025-24698 - WordPress Essential Real Estate plugin <= 5.1.8 - Cross Site Request Forgery (CSRF) vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in g5theme Essential Real Estate essential-real-estate allows Cross Site Request Forgery.This issue affects Essential Real Estate: from n/a through <= 5.1.8.
5.4
CVE-2025-24711 - WordPress Popup Box Plugin <= 3.2.4 - Cross Site Request Forgery (CSRF) vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in Wow-Company Popup Box popup-box allows Cross Site Request Forgery.This issue affects Popup Box: from n/a through <= 3.2.4.
5.4
CVE-2025-24714 - WordPress Bubble Menu Plugin <= 4.0.2 - Cross Site Request Forgery (CSRF) vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in Wow-Company Bubble Menu β circle floating menu bubble-menu allows Cross Site Request Forgery.This issue affects Bubble Menu β circle floating menu: from n/a through <= 4.0.2.
5.3
CVE-2025-24705 - WordPress WooCommerce Quick View plugin <= 1.1.1 - Sensitive Data Exposure vulnerability
Missing Authorization vulnerability in Arshid WooCommerce Quick View woo-quick-view allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WooCommerce Quick View: from n/a through <= 1.1.1.
6.5
CVE-2025-24704 - WordPress Magic the Gathering Card Tooltips plugin <= 3.4.0 - Cross Site Scripting (XSS) vulnerabilβ¦
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in grimdonkey Magic the Gathering Card Tooltips magic-the-gathering-card-tooltips allows Stored XSS.This issue affects Magic the Gathering Card Tooltips: from n/a through <= 3.4.0.