6.5
CVE-2025-31621 - WordPress byBrick Accordion plugin <= 1.0 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in davidpaulsson byBrick Accordion bybrick-accordion allows Stored XSS.This issue affects byBrick Accordion: from n/a through <= 1.0.
6.5
CVE-2025-31620 - WordPress CoverManager plugin <= 0.0.1 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in carperfer CoverManager covermanager allows Stored XSS.This issue affects CoverManager: from n/a through <= 0.0.1.
5.3
CVE-2025-31618 - WordPress Connector to CiviCRM with CiviMcRestFace plugin <= 1.0.10 - Broken Access Control vulneraβ¦
Missing Authorization vulnerability in Jaap Jansma Connector to CiviCRM with CiviMcRestFace connector-civicrm-mcrestface allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Connector to CiviCRM with CiviMcRestFace: from n/a through <= 1.0.10.
7.1
CVE-2025-31617 - WordPress PostmarkApp Email Integrator plugin <= 2.4 - CSRF to Stored XSS vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in Gagan Deep Singh PostmarkApp Email Integrator postmarkapp-email-integrator allows Cross Site Request Forgery.This issue affects PostmarkApp Email Integrator: from n/a through <= 2.4.
7.1
CVE-2025-31616 - WordPress Varnish WordPress plugin <= 1.7 - CSRF to Stored XSS vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in AdminGeekZ Varnish WordPress varnish-wp allows Cross Site Request Forgery.This issue affects Varnish WordPress: from n/a through <= 1.7.
7.1
CVE-2025-31615 - WordPress Simple Contact Forms plugin <= 1.6.4 - CSRF to Stored XSS vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in owenr88 Simple Contact Forms simple-contact-forms allows Stored XSS.This issue affects Simple Contact Forms: from n/a through <= 1.6.4.
6.5
CVE-2025-31614 - WordPress Terms Before Download plugin <= 1.0.5 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in hiroprot Terms Before Download terms-before-download allows Stored XSS.This issue affects Terms Before Download: from n/a through <= 1.0.5.
7.1
CVE-2025-31613 - WordPress AB Google Map Travel plugin <= 4.6 - CSRF to Stored XSS vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in Aboobacker. AB Google Map Travel ab-google-map-travel allows Cross Site Request Forgery.This issue affects AB Google Map Travel : from n/a through <= 4.6.
4.3
CVE-2025-31611 - WordPress Auto Post After Image Upload plugin <= 1.6 - Broken Access Control vulnerability
Missing Authorization vulnerability in Shaharia Azam Auto Post After Image Upload auto-post-after-image-upload allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Auto Post After Image Upload: from n/a through <= 1.6.
5.9
CVE-2025-31610 - WordPress Notification Bar, Sticky Notification Bar, Sticky Welcome Bar for any theme plugin <= 1.1β¦
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in gingerplugins Notification Bar, Sticky Notification Bar, Sticky Welcome Bar for any theme gp-notification-bar allows Stored XSS.This issue affects Notification Bar, Sticky Notification Bar, Sticky β¦