7.1
CVE-2025-22763 - WordPress Brizy Pro Plugin <= 2.6.1 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound Brizy Pro allows Reflected XSS. This issue affects Brizy Pro: from n/a through 2.6.1.
7.1
CVE-2025-22735 - WordPress Tag Cloud Plugin - Tag Groups plugin <= 2.0.4 - Reflected Cross Site Scripting (XSS) vulnβ¦
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Steve Burge WordPress Tag Cloud Plugin β Tag Groups tag-groups allows Reflected XSS.This issue affects WordPress Tag Cloud Plugin β Tag Groups: from n/a through <= 2.0.4.
9.3
CVE-2025-22553 - WordPress Multiple Carousel Plugin <= 2.0 - SQL Injection vulnerability
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in dhananjaysingh Multiple Carousel multicarousel allows SQL Injection.This issue affects Multiple Carousel: from n/a through <= 2.0.
7.1
CVE-2025-22322 - WordPress Private Messages for UserPro plugin <= 4.10.0 - Reflected Cross Site Scripting (XSS) vulnβ¦
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in DeluxeThemes Private Messages for UserPro userpro-messaging allows Reflected XSS.This issue affects Private Messages for UserPro: from n/a through <= 4.10.0.
7.5
CVE-2025-22318 - WordPress Standard Box Sizes plugin <= 1.6.13 - Broken Access Control vulnerability
Missing Authorization vulnerability in enituretechnology Standard Box Sizes β for WooCommerce standard-box-sizes.This issue affects Standard Box Sizes β for WooCommerce: from n/a through <= 1.6.13.
7.5
CVE-2025-22311 - WordPress Private Messages for UserPro plugin <= 4.10.0 - Local File Inclusion vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in DeluxeThemes Private Messages for UserPro userpro-messaging.This issue affects Private Messages for UserPro: from n/a through <= 4.10.0.
0.0
CVE-2024-56277 - WordPress Poll Maker Plugin < 5.5.5 - HTML Injection vulnerability
Improper Encoding or Escaping of Output vulnerability in Ays Pro Poll Maker poll-maker.This issue affects Poll Maker: from n/a through < 5.5.5.
9
CVE-2024-51919 - WordPress Fancy Product Designer plugin <= 6.4.3 - Unauthenticated Arbitrary File Upload vulnerabilβ¦
Unrestricted Upload of File with Dangerous Type vulnerability in radykal Fancy Product Designer fancy-product-designer.This issue affects Fancy Product Designer: from n/a through <= 6.4.3.
9.8
CVE-2024-51888 - WordPress Homey Login Register Plugin <= 2.4.0 - Privilege Escalation vulnerability
Incorrect Privilege Assignment vulnerability in favethemes Homey Login Register homey-login-register allows Privilege Escalation.This issue affects Homey Login Register: from n/a through <= 2.4.0.
9.3
CVE-2024-51818 - WordPress Fancy Product Designer plugin <= 6.4.3 - Unauthenticated SQL Injection vulnerability
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in radykal Fancy Product Designer fancy-product-designer.This issue affects Fancy Product Designer: from n/a through <= 6.4.3.