5.9
CVE-2025-24674 - WordPress ShMapper by Teplitsa Plugin <= 1.5.0 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Denis Cherniatev ShMapper by Teplitsa shmapper-by-teplitsa allows Stored XSS.This issue affects ShMapper by Teplitsa: from n/a through <= 1.5.0.
7.6
CVE-2025-24683 - WordPress RSVP and Event Management Plugin <= 2.7.14 - SQL Injection vulnerability
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WP Chill RSVP and Event Management rsvp allows SQL Injection.This issue affects RSVP and Event Management: from n/a through <= 2.7.14.
4.4
CVE-2025-24695 - WordPress Extensions For CF7 Plugin <= 3.2.0 - Server Side Request Forgery (SSRF) vulnerability
Server-Side Request Forgery (SSRF) vulnerability in HT Plugins Extensions For CF7 extensions-for-cf7 allows Server Side Request Forgery.This issue affects Extensions For CF7: from n/a through <= 3.2.0.
4.4
CVE-2025-24701 - WordPress Chained Quiz Plugin <= 1.3.2.9 - Server Side Request Forgery (SSRF) vulnerability
Server-Side Request Forgery (SSRF) vulnerability in Bob Chained Quiz chained-quiz allows Server Side Request Forgery.This issue affects Chained Quiz: from n/a through <= 1.3.2.9.
4.3
CVE-2025-24691 - WordPress People Lists plugin <= 1.3.10 - Broken Access Control vulnerability
Missing Authorization vulnerability in ctltwp People Lists people-lists allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects People Lists: from n/a through <= 1.3.10.
4.3
CVE-2025-24693 - WordPress Advanced Notifications plugin <= 1.2.7 - Broken Access Control vulnerability
Missing Authorization vulnerability in Yehi Advanced Notifications advanced-notifications allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Advanced Notifications: from n/a through <= 1.2.7.
5.9
CVE-2025-24681 - WordPress Product Carousel Slider & Grid Ultimate for WooCommerce Plugin <= 1.10.0 - Cross Site Scβ¦
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wpWax Product Carousel Slider & Grid Ultimate for WooCommerce woo-product-carousel-slider-and-grid-ultimate allows Stored XSS.This issue affects Product Carousel Slider & Grid Ultimate for WooCommeβ¦
6.5
CVE-2025-24678 - WordPress Listamester Plugin <= 2.3.4 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in listamester Listamester listamester allows Stored XSS.This issue affects Listamester: from n/a through <= 2.3.4.
4.3
CVE-2025-24682 - WordPress Super Block Slider plugin <= 2.7.9 - Broken Access Control vulnerability
Missing Authorization vulnerability in Michael Super Block Slider super-block-slider allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Super Block Slider: from n/a through <= 2.7.9.
6.5
CVE-2025-24687 - WordPress Show/Hide Shortcode plugin <= 1.0.0 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Lars Wallenborn Show/Hide Shortcode showhide-shortcode allows Stored XSS.This issue affects Show/Hide Shortcode: from n/a through <= 1.0.0.