5.9
CVE-2025-22579 - WordPress WP Header Notification plugin <= 1.2.7 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Arefly WP Header Notification wp-header-notification allows Stored XSS.This issue affects WP Header Notification: from n/a through <= 1.2.7.
6.5
CVE-2025-22580 - WordPress Biltorvet Dealer Tools plugin <= 1.0.22 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Auto IT Biltorvet Dealer Tools biltorvet-dealer-tools allows Stored XSS.This issue affects Biltorvet Dealer Tools: from n/a through <= 1.0.22.
6.5
CVE-2025-22581 - WordPress Arcade Ready plugin <= 1.1 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Bytephp Arcade Ready arcadeready allows Stored XSS.This issue affects Arcade Ready: from n/a through <= 1.1.
7.1
CVE-2025-22582 - WordPress Uptime Robot plugin <= 0.1.3 - CSRF to Stored XSS vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in Scott Nelle Uptime Robot uptime-robot allows Stored XSS.This issue affects Uptime Robot: from n/a through <= 0.1.3.
6.5
CVE-2025-22584 - WordPress Timeline Pro plugin <= 1.3 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in PluginsPoint Timeline Pro timeline-pro allows DOM-Based XSS.This issue affects Timeline Pro: from n/a through <= 1.3.
6.5
CVE-2025-22585 - WordPress Ultimate Image Hover Effects plugin <= 1.1.2 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in themebon Ultimate Image Hover Effects ultimate-image-hover-effects allows DOM-Based XSS.This issue affects Ultimate Image Hover Effects: from n/a through <= 1.1.2.
7.1
CVE-2025-22589 - WordPress Quote Tweet plugin <= 0.7 - CSRF to Stored XSS vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in bozdoz Quote Tweet quote-tweet allows Stored XSS.This issue affects Quote Tweet: from n/a through <= 0.7.
7.1
CVE-2025-22590 - WordPress Prayer Times Anywhere plugin <= 2.0.1 - CSRF to Stored XSS vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in mmrs151 Prayer Times Anywhere prayer-times-anywhere allows Stored XSS.This issue affects Prayer Times Anywhere: from n/a through <= 2.0.1.
4.3
CVE-2025-22591 - WordPress 1003 Mortgage Application plugin <= 1.87 - Broken Access Control vulnerability
Missing Authorization vulnerability in 8blocks 1003 Mortgage Application 1003-mortgage-application allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects 1003 Mortgage Application: from n/a through <= 1.87.
7.5
CVE-2025-22592 - WordPress 1003 Mortgage Application plugin <= 1.87 - Broken Access Control vulnerability
Missing Authorization vulnerability in 8blocks 1003 Mortgage Application 1003-mortgage-application allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects 1003 Mortgage Application: from n/a through <= 1.87.