7.1
CVE-2025-22548 - WordPress ldap_login_password_and_role_manager plugin <= 1.0.12 - CSRF to Stored XSS vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in frankkoenen ldap_login_password_and_role_manager ldap-login-password-and-role-manager allows Stored XSS.This issue affects ldap_login_password_and_role_manager: from n/a through <= 1.0.12.
6.5
CVE-2025-22549 - WordPress WP Github plugin <= 1.3.3 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in seinoxygen WP Github wp-github allows Stored XSS.This issue affects WP Github: from n/a through <= 1.3.3.
6.5
CVE-2025-22550 - WordPress AddFunc Mobile Detect plugin <= 3.1 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Joe Rhoney AddFunc Mobile Detect addfunc-mobile-detect allows Stored XSS.This issue affects AddFunc Mobile Detect: from n/a through <= 3.1.
6.5
CVE-2025-22551 - WordPress Boot-Modal plugin <= 1.9.1 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in albedo0 Boot-Modal boot-modal allows Stored XSS.This issue affects Boot-Modal: from n/a through <= 1.9.1.
7.1
CVE-2025-22552 - WordPress Affiliate Disclosure Statement plugin <= 0.3 - CSRF to Stored XSS vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in bnielsen Affiliate Disclosure Statement affiliate-disclosure-statement allows Cross Site Request Forgery.This issue affects Affiliate Disclosure Statement: from n/a through <= 0.3.
6.5
CVE-2025-22554 - WordPress Video Embed Optimizer plugin <= 1.0.0 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in fdfranklin06 Video Embed Optimizer video-embed-optimizer allows Stored XSS.This issue affects Video Embed Optimizer: from n/a through <= 1.0.0.
7.1
CVE-2025-22555 - WordPress Smoothness Slider Shortcode plugin <= v1.2.2 - CSRF to Stored XSS vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in njshofe Smoothness Slider Shortcode smoothness-slider-shortcode allows Cross Site Request Forgery.This issue affects Smoothness Slider Shortcode: from n/a through <= v1.2.2.
7.1
CVE-2025-22556 - WordPress Norse Rune Oracle plugin <= 1.4.2 - CSRF to Stored XSS vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in WP CMS Ninja Norse Rune Oracle Plugin norse-runes-oracle allows Cross Site Request Forgery.This issue affects Norse Rune Oracle Plugin: from n/a through <= 1.4.2.
7.1
CVE-2025-22557 - WordPress News Publisher Autopilot plugin <= 2.1.4 - CSRF to Stored XSS vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in cdowp News Publisher Autopilot wpm-news-api allows Cross Site Request Forgery.This issue affects News Publisher Autopilot: from n/a through <= 2.1.4.
6.5
CVE-2025-22558 - WordPress mcjh button shortcode plugin <= 1.6.4 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Marcus C. J. Hartmann mcjh button shortcode mcjh-button-shortcode allows Stored XSS.This issue affects mcjh button shortcode: from n/a through <= 1.6.4.