6.5
CVE-2025-23876 - WordPress WP krpano plugin <= 1.2.1 - Stored Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in No-Nonsense WP krpano wp-krpano allows Stored XSS.This issue affects WP krpano: from n/a through <= 1.2.1.
6.5
CVE-2025-23893 - WordPress GMap Shortcode plugin <= 2.0 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Manny Costales GMap Shortcode gmap-shortcode allows DOM-Based XSS.This issue affects GMap Shortcode: from n/a through <= 2.0.
7.1
CVE-2025-23875 - WordPress Better Protected Pages plugin <= 1.0 - Cross Site Request Forgery (CSRF) vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in madeglobal Better Protected Pages better-protected-pages allows Stored XSS.This issue affects Better Protected Pages: from n/a through <= 1.0.
6.5
CVE-2025-23886 - WordPress Annie plugin <= 2.1.1 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Chris Roberts Annie annie allows Stored XSS.This issue affects Annie: from n/a through <= 2.1.1.
7.1
CVE-2025-23880 - WordPress amr personalise plugin <= 2.10 - CSRF to Stored XSS vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in anmari amr personalise amr-personalise allows Cross Site Request Forgery.This issue affects amr personalise: from n/a through <= 2.10.
5.9
CVE-2025-23878 - WordPress Post-to-Post Links plugin <= 4.2 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Scott Reilly Post-to-Post Links easy-post-to-post-links allows Stored XSS.This issue affects Post-to-Post Links: from n/a through <= 4.2.
6.5
CVE-2025-23873 - WordPress Category D3 Tree plugin <= 1.1 - Stored Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Anshi Solutions Category D3 Tree category-d3-tree allows Stored XSS.This issue affects Category D3 Tree: from n/a through <= 1.1.
6.5
CVE-2025-23877 - WordPress Nite Shortcodes plugin <= 1.0 - Stored Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in nitethemes Nite Shortcodes nite-shortcodes allows Stored XSS.This issue affects Nite Shortcodes: from n/a through <= 1.0.
7.1
CVE-2025-23872 - WordPress PayForm plugin <= 2.0 - CSRF to Stored XSS vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in payform PayForm payform allows Stored XSS.This issue affects PayForm: from n/a through <= 2.0.
6.5
CVE-2025-23864 - WordPress WCS QR Code Generator plugin <= 1.0 - Stored Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Luke America WCS QR Code Generator wcs-qr-code-generator allows Stored XSS.This issue affects WCS QR Code Generator: from n/a through <= 1.0.