6.5

CVSS3.1

CVE-2025-22340 - WordPress Data Dash plugin <= 1.2.3 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Think201 Data Dash data-dash allows Stored XSS.This issue affects Data Dash: from n/a through <= 1.2.3.

📅 Published: April 17, 2025, 3:17 p.m. 🔄 Last Modified: April 23, 2026, 3:23 p.m.

7.1

CVSS3.1

CVE-2025-22565 - WordPress vooPlayer v4 Plugin <= 4.0.4 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Bill Zimmerman vooPlayer v4 vooplayer allows Reflected XSS.This issue affects vooPlayer v4: from n/a through <= 4.0.4.

📅 Published: April 17, 2025, 3:17 p.m. 🔄 Last Modified: April 23, 2026, 3:23 p.m.

8.2

CVSS3.1

CVE-2025-22636 - WordPress VR-Frases plugin <= 4.0.1 - Reflected XSS to SQL Injection vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Vicente Ruiz Gálvez VR-Frases vr-frases allows Reflected XSS.This issue affects VR-Frases: from n/a through <= 4.0.1.

📅 Published: April 17, 2025, 3:17 p.m. 🔄 Last Modified: April 23, 2026, 3:23 p.m.

7.1

CVSS3.1

CVE-2025-22651 - WordPress Stylish Google Sheet Reader plugin <= 4.0 - Reflected Cross Site Scripting (XSS) vulnerab…

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wppluginboxdev Stylish Google Sheet Reader stylish-google-sheet-reader allows Reflected XSS.This issue affects Stylish Google Sheet Reader: from n/a through <= 4.0.

📅 Published: April 17, 2025, 3:17 p.m. 🔄 Last Modified: April 23, 2026, 3:23 p.m.

9.3

CVSS3.1

CVE-2025-22655 - WordPress CWD - Stealth Links plugin <= 1.3 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Caio Web Dev CWD – Stealth Links cwd-stealth-links allows SQL Injection.This issue affects CWD – Stealth Links: from n/a through <= 1.3.

📅 Published: April 17, 2025, 3:17 p.m. 🔄 Last Modified: April 23, 2026, 3:23 p.m.

7.1

CVSS3.1

CVE-2025-22692 - WordPress Sponsered Link plugin <= 4.0 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in rachanaS Sponsered Link sponsered-link allows Reflected XSS.This issue affects Sponsered Link: from n/a through <= 4.0.

📅 Published: April 17, 2025, 3:17 p.m. 🔄 Last Modified: April 23, 2026, 3:23 p.m.

6.5

CVSS3.1

CVE-2025-22771 - WordPress The Great Firewords of China plugin <= 1.2 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Studio Hyperset The Great Firewords of China sensitive-chinese-words-scanner allows Stored XSS.This issue affects The Great Firewords of China: from n/a through <= 1.2.

📅 Published: April 17, 2025, 3:17 p.m. 🔄 Last Modified: April 23, 2026, 3:23 p.m.

7.1

CVSS3.1

CVE-2025-22774 - WordPress CRUDLab Scroll to Top Plugin <= 1.0.1 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CRUDLab CRUDLab Scroll to Top crudlab-scroll-to-top allows Reflected XSS.This issue affects CRUDLab Scroll to Top: from n/a through <= 1.0.1.

📅 Published: April 17, 2025, 3:17 p.m. 🔄 Last Modified: April 23, 2026, 3:23 p.m.

7.1

CVSS3.1

CVE-2025-22796 - WordPress WP-Asambleas Plugin <= 2.85.0 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in platcom WP-Asambleas wp-asambleas allows Reflected XSS.This issue affects WP-Asambleas: from n/a through <= 2.85.0.

📅 Published: April 17, 2025, 3:17 p.m. 🔄 Last Modified: April 23, 2026, 3:23 p.m.

7.5

CVSS3.1

CVE-2025-26968 - WordPress Cloak Front End Email <= 1.9.5 - Broken Access Control Vulnerability

Missing Authorization vulnerability in webbernaut Cloak Front End Email allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Cloak Front End Email: from n/a through 1.9.5.

📅 Published: April 17, 2025, 3:17 p.m. 🔄 Last Modified: April 28, 2026, 4:11 p.m.

Vulnerability Database Index

6.5

CVE-2025-22340 - WordPress Data Dash plugin <= 1.2.3 - Cross Site Scripting (XSS) vulnerability

7.1

CVE-2025-22565 - WordPress vooPlayer v4 Plugin <= 4.0.4 - Reflected Cross Site Scripting (XSS) vulnerability

8.2

CVE-2025-22636 - WordPress VR-Frases plugin <= 4.0.1 - Reflected XSS to SQL Injection vulnerability

7.1

CVE-2025-22651 - WordPress Stylish Google Sheet Reader plugin <= 4.0 - Reflected Cross Site Scripting (XSS) vulnerab…

9.3

CVE-2025-22655 - WordPress CWD - Stealth Links plugin <= 1.3 - SQL Injection vulnerability

7.1

CVE-2025-22692 - WordPress Sponsered Link plugin <= 4.0 - Reflected Cross Site Scripting (XSS) vulnerability

6.5

CVE-2025-22771 - WordPress The Great Firewords of China plugin <= 1.2 - Cross Site Scripting (XSS) vulnerability

7.1

CVE-2025-22774 - WordPress CRUDLab Scroll to Top Plugin <= 1.0.1 - Reflected Cross Site Scripting (XSS) vulnerability

7.1

CVE-2025-22796 - WordPress WP-Asambleas Plugin <= 2.85.0 - Reflected Cross Site Scripting (XSS) vulnerability

7.5

CVE-2025-26968 - WordPress Cloak Front End Email <= 1.9.5 - Broken Access Control Vulnerability