6.5
CVE-2025-29011 - WordPress YouTube Simple Gallery plugin <= 2.2.0 - Cross Site Scripting (XSS) Vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CHR Designer YouTube Simple Gallery youtube-simple-gallery allows Stored XSS.This issue affects YouTube Simple Gallery: from n/a through <= 2.2.0.
5.4
CVE-2025-29013 - WordPress Custom Category/Post Type Post order plugin <= 1.6.0 - Broken Access Control Vulnerability
Missing Authorization vulnerability in faaiq Custom Category/Post Type Post order custom-post-order-category allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Custom Category/Post Type Post order: from n/a through <= 1.6.0.
4.3
CVE-2025-30624 - WordPress WordLift plugin <= 3.54.4 - Broken Access Control Vulnerability
Missing Authorization vulnerability in WordLift WordLift wordlift allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WordLift: from n/a through <= 3.54.4.
5.9
CVE-2025-30625 - WordPress AppBanners plugin <= 1.5.14 - Cross Site Scripting (XSS) Vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Matt Pramschufer AppBanners appbanners allows Stored XSS.This issue affects AppBanners: from n/a through <= 1.5.14.
5.9
CVE-2025-30627 - WordPress Elegant Visitor Counter plugin <= 3.1 - Cross Site Scripting (XSS) Vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in regolithsjk Elegant Visitor Counter elegant-visitor-counter allows Stored XSS.This issue affects Elegant Visitor Counter: from n/a through <= 3.1.
4.3
CVE-2025-30629 - WordPress Bitly URL Shortener plugin <= 1.4.1 - Cross Site Request Forgery (CSRF) vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in Codehaveli Bitly URL Shortener codehaveli-bitly-url-shortener allows Cross Site Request Forgery.This issue affects Bitly URL Shortener: from n/a through <= 1.4.1.
5.9
CVE-2025-30630 - WordPress Global Translator plugin <= 2.0.2 - Cross Site Scripting (XSS) Vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in pozzad Global Translator global-translator allows Stored XSS.This issue affects Global Translator: from n/a through <= 2.0.2.
5.4
CVE-2025-30632 - WordPress Global Translator plugin <= 2.0.2 - Cross Site Request Forgery (CSRF) Vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in pozzad Global Translator global-translator allows Cross Site Request Forgery.This issue affects Global Translator: from n/a through <= 2.0.2.
5.9
CVE-2025-30634 - WordPress WP Featured Content Slider plugin <= 2.6 - Cross Site Scripting (XSS) Vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in IWEBIX WP Featured Content Slider wp-featured-content-slider allows Stored XSS.This issue affects WP Featured Content Slider: from n/a through <= 2.6.
5.4
CVE-2025-30636 - WordPress Accessibility Suite plugin <= 4.19 - Broken Access Control Vulnerability
Missing Authorization vulnerability in Ability, Inc Accessibility Suite online-accessibility allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Accessibility Suite: from n/a through <= 4.19.