7.1
CVE-2025-39420 - WordPress WP Twitter Button plugin <= 1.4.1 - Cross Site Request Forgery (CSRF) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ruudkok WP Twitter Button wp-twitter-button allows Stored XSS.This issue affects WP Twitter Button: from n/a through <= 1.4.1.
7.1
CVE-2025-39421 - WordPress WP Sticky Side Buttons plugin <= 2.1 - Cross Site Request Forgery (CSRF) vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in Mustafa KUCUK WP Sticky Side Buttons wp-sticky-side-buttons allows Stored XSS.This issue affects WP Sticky Side Buttons: from n/a through <= 2.1.
7.1
CVE-2025-39422 - WordPress WP Social Bookmarking plugin <= 3.6 - Cross Site Request Forgery (CSRF) vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in PResponsive WP Social Bookmarking wp-social-bookmarking allows Stored XSS.This issue affects WP Social Bookmarking: from n/a through <= 3.6.
7.1
CVE-2025-39423 - WordPress Add to Header plugin <= 1.0 - CSRF to XSS vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in Jenst Add to Header add-to-header allows Stored XSS.This issue affects Add to Header: from n/a through <= 1.0.
7.1
CVE-2025-39424 - WordPress Simple Maps plugin <= 0.98 - CSRF to XSS vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in simplemaps Simple Maps interactive-maps allows Stored XSS.This issue affects Simple Maps: from n/a through <= 0.98.
4.3
CVE-2025-39425 - WordPress Style Manager plugin <= 2.2.7 - Cross Site Request Forgery (CSRF) to Settings Change vulnโฆ
Cross-Site Request Forgery (CSRF) vulnerability in pixelgrade Style Manager style-manager allows Cross Site Request Forgery.This issue affects Style Manager: from n/a through <= 2.2.7.
4.3
CVE-2025-39426 - WordPress illow โ Cookies Consent plugin <= 0.2.0 - Cross Site Request Forgery (CSRF) vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in illow illow โ Cookies Consent lgpd-compliant-cookie-banner allows Cross Site Request Forgery.This issue affects illow โ Cookies Consent: from n/a through <= 0.2.0.
5.9
CVE-2025-39427 - WordPress WP Post to PDF Enhanced plugin <= 1.1.1 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Beth Tucker Long WP Post to PDF Enhanced wp-post-to-pdf-enhanced allows Stored XSS.This issue affects WP Post to PDF Enhanced: from n/a through <= 1.1.1.
5.9
CVE-2025-39428 - WordPress Gravity Forms CSS Themes with Fontawesome and Placeholders plugin <= 8.5 - Cross Site Scrโฆ
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Maros Pristas Gravity Forms CSS Themes with Fontawesome and Placeholders gravity-forms-css-themes-with-fontawesome-and-placeholder-support allows Stored XSS.This issue affects Gravity Forms CSS Theโฆ
7.5
CVE-2025-39429 - WordPress Szรฉchenyi 2020 Logo <= 1.1 - Local File Inclusion vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Fรถldesi, Mihรกly Szรฉchenyi 2020 Logo szechenyi-2020-logo allows PHP Local File Inclusion.This issue affects Szรฉchenyi 2020 Logo: from n/a through <= 1.1.