6.5
CVE-2025-24702 - WordPress Xagio SEO plugin <= 7.0.0.20 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Xagio SEO Xagio SEO xagio-seo allows Stored XSS.This issue affects Xagio SEO: from n/a through <= 7.0.0.20.
6.5
CVE-2025-24675 - WordPress WP Visitor Statistics (Real Time Traffic) plugin <= 7.2 - Cross Site Scripting (XSS) vulnβ¦
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in osama.esh WP Visitor Statistics (Real Time Traffic) wp-stats-manager allows Stored XSS.This issue affects WP Visitor Statistics (Real Time Traffic): from n/a through <= 7.2.
5.9
CVE-2025-24666 - WordPress Hyve Lite plugin <= 1.2.2 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Themeisle AI Chatbot for WordPress β Hyve Lite hyve-lite allows Stored XSS.This issue affects AI Chatbot for WordPress β Hyve Lite: from n/a through <= 1.2.2.
4.3
CVE-2025-24679 - WordPress Internal Links Manager plugin <= 2.5.2 - Broken Access Control vulnerability
Missing Authorization vulnerability in webraketen Internal Links Manager seo-automated-link-building allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Internal Links Manager: from n/a through <= 2.5.2.
6.5
CVE-2025-24673 - WordPress Ketchup Shortcodes Plugin <= 0.1.2 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in AyeCode Ketchup Shortcodes ketchup-shortcodes-pack allows Stored XSS.This issue affects Ketchup Shortcodes: from n/a through <= 0.1.2.
8.5
CVE-2025-24669 - WordPress SERPed.net Plugin <= 4.4 - SQL Injection vulnerability
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in serpednet SERPed.net serped-net allows SQL Injection.This issue affects SERPed.net: from n/a through <= 4.4.
5.9
CVE-2025-24658 - WordPress Auction Nudge β Your eBay on Your Site plugin <= 7.2.0 - Cross Site Scripting (XSS) vulneβ¦
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Joe Auction Nudge β Your eBay on Your Site auction-nudge allows Stored XSS.This issue affects Auction Nudge β Your eBay on Your Site: from n/a through <= 7.2.0.
8.5
CVE-2025-24672 - WordPress Form Builder CP Plugin <= 1.2.41 - SQL Injection vulnerability
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in codepeople Form Builder CP cp-easy-form-builder allows SQL Injection.This issue affects Form Builder CP: from n/a through <= 1.2.41.
5.9
CVE-2025-24668 - WordPress PPOM for WooCommerce plugin <= 33.0.8 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Themeisle PPOM for WooCommerce woocommerce-product-addon allows Stored XSS.This issue affects PPOM for WooCommerce: from n/a through <= 33.0.8.
7.6
CVE-2025-24659 - WordPress Premium Packages β Sell Digital Products Securely plugin <= 5.9.6 - SQL Injection vulneraβ¦
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Shahjada WPDM β Premium Packages wpdm-premium-packages allows Blind SQL Injection.This issue affects WPDM β Premium Packages: from n/a through <= 5.9.6.