5.9
CVE-2025-31587 - WordPress Elfsight Testimonials Slider plugin <= 1.0.1 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in elfsight Elfsight Testimonials Slider elfsight-testimonials-slider allows Stored XSS.This issue affects Elfsight Testimonials Slider: from n/a through <= 1.0.1.
6.5
CVE-2025-31586 - WordPress Gallery β Photo Albums Plugin plugin <= 1.3.170 - Stored Cross Site Scripting (XSS) vulneβ¦
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in GhozyLab Gallery β Photo Albums Plugin easy-media-gallery allows Stored XSS.This issue affects Gallery β Photo Albums Plugin: from n/a through <= 1.3.170.
7.1
CVE-2025-31585 - WordPress Leadfox for WordPress plugin <= 2.1.9 - CSRF to Stored XSS vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in leadfox Leadfox for WordPress leadfox allows Cross Site Request Forgery.This issue affects Leadfox for WordPress: from n/a through <= 2.1.9.
5.4
CVE-2025-31584 - WordPress Elfsight Testimonials Slider plugin <= 1.0.1 - Broken Access Control vulnerability
Missing Authorization vulnerability in elfsight Elfsight Testimonials Slider elfsight-testimonials-slider allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Elfsight Testimonials Slider: from n/a through <= 1.0.1.
7.1
CVE-2025-31583 - WordPress WP Copy Media URL plugin <= 2.1 - CSRF to Stored XSS vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in Ashish Ajani WP Copy Media URL wp-copy-media-url allows Stored XSS.This issue affects WP Copy Media URL: from n/a through <= 2.1.
6.6
CVE-2025-31577 - WordPress Appointify plugin <= 1.0.8 - Arbitrary File Upload vulnerability
Unrestricted Upload of File with Dangerous Type vulnerability in appointify Appointify appointify allows Upload a Web Shell to a Web Server.This issue affects Appointify: from n/a through <= 1.0.8.
4.3
CVE-2025-31576 - WordPress PostmarkApp Email Integrator plugin <= 2.4 - Broken Access Control vulnerability
Missing Authorization vulnerability in Gagan Deep Singh PostmarkApp Email Integrator postmarkapp-email-integrator allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects PostmarkApp Email Integrator: from n/a through <= 2.4.
5.9
CVE-2025-31575 - WordPress Flag Icons plugin <= 2.2 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in Vasilis Triantafyllou Flag Icons language-icons-flags-switcher allows Stored XSS.This issue affects Flag Icons: from n/a through <= 2.2.
6.5
CVE-2025-31574 - WordPress Custom Content Scrollbar plugin <= 1.3 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in SoftHopper Custom Content Scrollbar custom-content-scrollbar allows Stored XSS.This issue affects Custom Content Scrollbar: from n/a through <= 1.3.
4.3
CVE-2025-31572 - WordPress Multi Days Events and Multi Events in One Day Calendar plugin <= 1.1.3 - Cross Site Requeβ¦
Cross-Site Request Forgery (CSRF) vulnerability in v20202020 Multi Days Events and Multi Events in One Day Calendar dragon-calendar-free-version allows Cross Site Request Forgery.This issue affects Multi Days Events and Multi Events in One Day Calendar: from n/a through <= 1.1.3.