7.1
CVE-2025-23760 - WordPress Chatter plugin <= 1.0.1 - CSRF to Stored XSS vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Alex Volkov Chatter allows Stored XSS. This issue affects Chatter: from n/a through 1.0.1.
4.3
CVE-2025-23957 - WordPress Sur.ly plugin <= 3.0.3 - Broken Access Control vulnerability
Missing Authorization vulnerability in surdotly Sur.ly surly allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Sur.ly: from n/a through <= 3.0.3.
6.5
CVE-2025-23965 - WordPress Kopa Nictitate Toolkit plugin <= 1.0.2 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in kopatheme Kopa Nictitate Toolkit kopa-nictitate-toolkit allows Stored XSS.This issue affects Kopa Nictitate Toolkit: from n/a through <= 1.0.2.
5.4
CVE-2025-23961 - WordPress WordPress Graphs & Charts Plugin <= 2.0.8 - Broken Access Control vulnerability
Missing Authorization vulnerability in wptasker WordPress Graphs & Charts graph-lite allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WordPress Graphs & Charts: from n/a through <= 2.0.8.
4.3
CVE-2025-23955 - WordPress Xola plugin <= 1.6 - Broken Access Control vulnerability
Missing Authorization vulnerability in xola Xola xola-bookings-for-tours-activities allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Xola: from n/a through <= 1.6.
5.4
CVE-2025-23963 - WordPress Mark Posts plugin <= 2.2.4 - Broken Access Control vulnerability
Missing Authorization vulnerability in flymke Mark Posts mark-posts allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Mark Posts: from n/a through <= 2.2.4.
4.3
CVE-2025-23962 - WordPress Goldstar plugin <= 2.1.1 - Broken Access Control vulnerability
Missing Authorization vulnerability in jjtrabucco Goldstar goldstar allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Goldstar: from n/a through <= 2.1.1.
4.3
CVE-2025-23954 - WordPress Salvador โ AI Image Generator plugin <= 1.0.11 - Broken Access Control vulnerability
Missing Authorization vulnerability in awcode Salvador โ AI Image Generator salvador-ai-image-generator allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Salvador โ AI Image Generator: from n/a through <= 1.0.11.
6.5
CVE-2025-23939 - WordPress Image Switcher plugin <= 1.1 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in KHAN-IT Image Switcher image-switcher allows Stored XSS.This issue affects Image Switcher: from n/a through <= 1.1.
6.5
CVE-2025-23950 - WordPress EZPlayer plugin <= 1.0.10 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ezmarketing EZPlayer ezplayer allows Stored XSS.This issue affects EZPlayer: from n/a through <= 1.0.10.