7.1
CVE-2025-26573 - WordPress Rizzi Guestbook plugin <= 4.0.1 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in JamRizzi Technologies Rizzi Guestbook rizzi-guestbook allows Reflected XSS.This issue affects Rizzi Guestbook: from n/a through <= 4.0.1.
7.1
CVE-2025-26566 - WordPress In Stock Mailer for WooCommerce Plugin <= 2.1.1 - Reflected Cross Site Scripting (XSS) vuโฆ
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Frank In Stock Mailer for WooCommerce in-stock-mailer-for-woocommerce allows Reflected XSS.This issue affects In Stock Mailer for WooCommerce: from n/a through <= 2.1.1.
7.1
CVE-2025-26565 - WordPress GNUPress Plugin <= 0.2.9 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in kagla GNUPress gnupress allows Reflected XSS.This issue affects GNUPress: from n/a through <= 0.2.9.
7.1
CVE-2025-26564 - WordPress GNUCommerce Plugin <= 1.5.4 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in kagla GNUCommerce gnucommerce allows Reflected XSS.This issue affects GNUCommerce: from n/a through <= 1.5.4.
7.1
CVE-2025-26560 - WordPress WP Contact Form III Plugin <= 1.6.2d - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in KKWangen WP Contact Form III wp-contact-form-iii allows Reflected XSS.This issue affects WP Contact Form III: from n/a through <= 1.6.2d.
6.5
CVE-2025-26559 - WordPress Secure Invites plugin <= 1.2.5 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Chris Taylor Secure Invites wordpress-mu-secure-invites allows Reflected XSS.This issue affects Secure Invites: from n/a through <= 1.3.
7.1
CVE-2025-26546 - WordPress Cookies Pro plugin <= 1.0 - CSRF to Stored XSS vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Pixelpro Cookies Pro cookies-pro allows Reflected XSS.This issue affects Cookies Pro: from n/a through <= 1.0.
7.1
CVE-2025-26544 - WordPressUTM tags + Landing page plugin <= 1.4 - CSRF to Stored XSS vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Max K UTM tags tracking for Contact Form 7 cf7-utm-tracking allows Reflected XSS.This issue affects UTM tags tracking for Contact Form 7: from n/a through <= 2.1.
7.1
CVE-2025-26542 - WordPress Zalo Live Chat Plugin <= 1.1.0 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Dang Ngoc Binh Zalo Live Chat zalo-live-chat allows Reflected XSS.This issue affects Zalo Live Chat: from n/a through <= 1.1.0.
7.1
CVE-2025-26541 - WordPress Bitcoin / AltCoin Payment Gateway for WooCommerce plugin <= 1.7.6 - Reflected Cross Site โฆ
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CodeSolz Bitcoin / AltCoin Payment Gateway for WooCommerce woo-altcoin-payment-gateway allows Reflected XSS.This issue affects Bitcoin / AltCoin Payment Gateway for WooCommerce: from n/a through <=โฆ