7.1
CVE-2025-23443 - WordPress Author Showcase plugin <= 1.4.3 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Claire Ryan Author Showcase author-showcase allows Reflected XSS.This issue affects Author Showcase: from n/a through <= 1.4.3.
7.1
CVE-2025-23448 - WordPress visualslider Sldier plugin <= 1.1.1 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in dastan800 visualslider Sldier visual-slider allows Reflected XSS.This issue affects visualslider Sldier: from n/a through <= 1.1.1.
6.5
CVE-2025-23773 - WordPress Delete All Posts plugin <= 1.1.1 - Broken Access Control vulnerability
Missing Authorization vulnerability in mingocommerce Delete All Posts delele-all allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Delete All Posts: from n/a through <= 1.1.1.
7.1
CVE-2025-23782 - WordPress TotalContest Lite Plugin <= 2.8.1 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in TotalSuite TotalContest Lite totalcontest-lite allows Reflected XSS.This issue affects TotalContest Lite: from n/a through <= 2.8.1.
7.1
CVE-2025-23855 - WordPress SpiderDisplay plugin <= 1.9.1 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in fyljp SpiderDisplay spiderdisplay allows Reflected XSS.This issue affects SpiderDisplay: from n/a through <= 1.9.1.
7.1
CVE-2025-23858 - WordPress Custom Users Order Plugin <= 4.2 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Hiren Patel Custom Users Order custom-users-order allows Reflected XSS.This issue affects Custom Users Order: from n/a through <= 4.2.
6.5
CVE-2025-23906 - WordPress WordPress Dashboard Tweeter plugin <= 1.3.2 - Settings Change vulnerability
Missing Authorization vulnerability in wpseek WordPress Dashboard Tweeter allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WordPress Dashboard Tweeter: from n/a through 1.3.2.
6.5
CVE-2025-23958 - WordPress Editor Wysiwyg Background Color plugin <= 1.0 - Broken Access Control vulnerability
Missing Authorization vulnerability in FADI MED Editor Wysiwyg Background Color editor-wysiwyg-background-color allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Editor Wysiwyg Background Color: from n/a through <= 1.0.
7.1
CVE-2025-24539 - WordPress DeBounce Email Validator plugin <= 5.6.5 - Reflected Cross Site Scripting (XSS) vulnerabiβ¦
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in debounce DeBounce Email Validator debounce-io-email-validator allows Reflected XSS.This issue affects DeBounce Email Validator: from n/a through <= 5.6.5.
7.1
CVE-2025-24548 - WordPress Autoglot β Automatic WordPress Translation plugin <=2.4.7 - Reflected Cross Site Scriptinβ¦
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Autoglot Autoglot β Automatic WordPress Translation autoglot allows Reflected XSS.This issue affects Autoglot β Automatic WordPress Translation: from n/a through <= 2.4.7.