7.1
CVE-2025-27345 - WordPress Booking Ultra Pro Plugin <= 1.1.19 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Deetronix Booking Ultra Pro allows Reflected XSS. This issue affects Booking Ultra Pro: from n/a through 1.1.19.
7.1
CVE-2025-27346 - WordPress Rebuild Permalinks Plugin <= 1.6 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in gerrygooner Rebuild Permalinks allows Reflected XSS. This issue affects Rebuild Permalinks: from n/a through 1.6.
7.1
CVE-2025-27354 - WordPress Simple Email Subscriber plugin <= 2.3 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in phil88530 Simple Email Subscriber allows Reflected XSS. This issue affects Simple Email Subscriber: from n/a through 2.3.
7.1
CVE-2025-31006 - WordPress Activity Reactions For Buddypress plugin <= 1.0.22 - Reflected Cross Site Scripting (XSS)β¦
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in arete-it Activity Reactions For Buddypress allows Reflected XSS. This issue affects Activity Reactions For Buddypress: from n/a through 1.0.22.
7.1
CVE-2025-31018 - WordPress FireDrum Email Marketing plugin <= 1.64 - Reflected Cross Site Scripting (XSS) vulnerabilβ¦
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in FireDrum FireDrum Email Marketing allows Reflected XSS. This issue affects FireDrum Email Marketing: from n/a through 1.64.
7.5
CVE-2025-31030 - WordPress Ray Enterprise Translation <= 1.7.0 - Local File Inclusion Vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in jbhovik Ray Enterprise Translation allows PHP Local File Inclusion. This issue affects Ray Enterprise Translation: from n/a through 1.7.0.
9.8
CVE-2025-31380 - WordPress Paid Videochat Turnkey Site plugin <= 7.3.11 - Broken Authentication Vulnerability
Weak Password Recovery Mechanism for Forgotten Password vulnerability in videowhisper Paid Videochat Turnkey Site allows Password Recovery Exploitation. This issue affects Paid Videochat Turnkey Site: from n/a through 7.3.11.
7.1
CVE-2025-32490 - WordPress wp secure <= 1.2 - Cross Site Scripting (XSS) Vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WebsiteDefender wp secure allows Stored XSS. This issue affects wp secure: from n/a through 1.2.
7.1
CVE-2025-32504 - WordPress Silvasoft boekhouden plugin <= 3.0.5 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in silvasoft Silvasoft boekhouden allows Reflected XSS. This issue affects Silvasoft boekhouden: from n/a through 3.0.5.
7.1
CVE-2025-32506 - WordPress AT Internet SmartTag plugin <= 0.2 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in BenDlz AT Internet SmartTag allows Reflected XSS. This issue affects AT Internet SmartTag: from n/a through 0.2.