7.1
CVE-2025-28880 - WordPress Blue Captcha plugin <= 1.7.4 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in jotis Blue Captcha blue-captcha allows Reflected XSS.This issue affects Blue Captcha: from n/a through <= 1.7.4.
7.1
CVE-2025-28877 - WordPress Key4ce osTicket Bridge plugin <= 1.4.0 - Reflected Cross Site Scripting (XSS) vulnerabiliβ¦
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in m.tiggelaar Key4ce osTicket Bridge key4ce-osticket-bridge allows Reflected XSS.This issue affects Key4ce osTicket Bridge: from n/a through <= 1.4.0.
8.5
CVE-2025-28873 - WordPress Shuffle plugin <= 0.5 - SQL Injection vulnerability
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Scott Taylor Shuffle shuffle allows Blind SQL Injection.This issue affects Shuffle: from n/a through <= 0.5.
7.1
CVE-2025-28869 - WordPress NextGEN Gallery Voting plugin <= 2.7.6 - Reflected Cross Site Scripting (XSS) vulnerabiliβ¦
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in shauno NextGEN Gallery Voting nextgen-gallery-voting allows Reflected XSS.This issue affects NextGEN Gallery Voting: from n/a through <= 2.7.6.
7.1
CVE-2025-28865 - WordPress WP Colorful Tag Cloud plugin <= 2.0.1 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in lionelroux WP Colorful Tag Cloud wp-colorful-tag-cloud allows Reflected XSS.This issue affects WP Colorful Tag Cloud: from n/a through <= 2.0.1.
7.1
CVE-2025-28858 - WordPress Arrow Maps plugin <= 1.0.9 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Arrow Plugins Arrow Maps ap-google-maps allows Reflected XSS.This issue affects Arrow Maps: from n/a through <= 1.0.9.
7.1
CVE-2025-28855 - WordPress Teleport plugin <= 1.2.4 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in srcoley Teleport teleport allows Reflected XSS.This issue affects Teleport: from n/a through <= 1.2.4.
7.1
CVE-2025-27267 - WordPress Random Quotes Plugin <= 1.3 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in srcoley Random Quotes random-quotes allows Reflected XSS.This issue affects Random Quotes: from n/a through <= 1.3.
7.1
CVE-2025-26584 - WordPress TBTestimonials Plugin <= 1.7.3 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Travis Ballard TBTestimonials tb-testimonials allows Reflected XSS.This issue affects TBTestimonials: from n/a through <= 1.7.3.
7.1
CVE-2025-26583 - WordPress Video Share VOD plugin <= 2.7.9 - Reflected Cross-Site Scripting vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in videowhisper Video Share VOD video-share-vod allows Reflected XSS.This issue affects Video Share VOD: from n/a through <= 2.7.9.