1.8
CVE-2024-52328 - ECOVACS lawnmowers and vacuums insecurely store audio warning files
ECOVACS robot lawnmowers and vacuums insecurely store audio files used to indicate that the camera is on. An attacker with access to the /data filesystem can delete or modify warning files such that users may not be aware that the camera is on.
5.8
CVE-2024-52325 - ECOVACS robot lawnmowers and vacuums command injection
ECOVACS robot lawnmowers and vacuums are vulnerable to command injection via SetNetPin() over an unauthenticated BLE connection.
7.1
CVE-2025-23960 - WordPress Save & Import Image from URL Plugin <= 0.7 - Reflected Cross Site Scripting (XSS) vulneraβ¦
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in basteln3rk Save & Import Image from URL save-import-image-from-url allows Reflected XSS.This issue affects Save & Import Image from URL: from n/a through <= 0.7.
7.1
CVE-2025-23894 - WordPress wp-flickr-press Plugin <= 2.6.4 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in tatsuya wp-flickr-press wp-flickr-press allows Reflected XSS.This issue affects wp-flickr-press: from n/a through <= 2.6.4.
7.1
CVE-2025-23836 - WordPress Custom Coming Soon Plugin <= 2.2 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in SuryaBhan Custom Coming Soon custom-coming-soon allows Reflected XSS.This issue affects Custom Coming Soon: from n/a through <= 2.2.
7.1
CVE-2025-23835 - WordPress Legal + Plugin <= 1.0 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in jmraya Legal + legal-plus allows Reflected XSS.This issue affects Legal +: from n/a through <= 1.0.
7.1
CVE-2025-23834 - WordPress Links/Problem Reporter plugin <= 2.6.0 - Reflected Cross Site Scripting (XSS) vulnerabiliβ¦
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in RaminMT Links/Problem Reporter report-broken-links allows Reflected XSS.This issue affects Links/Problem Reporter: from n/a through <= 2.6.0.
7.1
CVE-2025-23733 - WordPress SC Simple Zazzle plugin <= 1.1.6 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in sayoko SC Simple Zazzle sc-simple-zazzle allows Reflected XSS.This issue affects SC Simple Zazzle: from n/a through <= 1.1.6.
7.1
CVE-2025-23730 - WordPress FLX Dashboard Groups plugin <= 0.0.7 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in flx0 FLX Dashboard Groups flx-dashboard-groups allows Reflected XSS.This issue affects FLX Dashboard Groups: from n/a through <= 0.0.7.
7.1
CVE-2025-23729 - WordPress XTRA Settings plugin <= 2.1.8 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in fures XTRA Settings xtra-settings allows Reflected XSS.This issue affects XTRA Settings: from n/a through <= 2.1.8.