7.1
CVE-2025-26536 - WordPress Another Events Calendar Plugin <= 1.7.0 - Reflected Cross Site Scripting (XSS) vulnerabilβ¦
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Yendif Player Another Events Calendar another-events-calendar allows Reflected XSS.This issue affects Another Events Calendar: from n/a through <= 1.7.0.
7.1
CVE-2025-25134 - WordPress Theme Demo Bar Plugin <= 1.6.3 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in zenverse Theme Demo Bar wordpress-theme-demo-bar allows Reflected XSS.This issue affects Theme Demo Bar: from n/a through <= 1.6.3.
8.1
CVE-2025-24690 - WordPress Formality Plugin <= 1.5.7 - Local File Inclusion vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Michele Giorgi Formality formality allows PHP Local File Inclusion.This issue affects Formality: from n/a through <= 1.5.7.
7.1
CVE-2025-23964 - WordPress Google Plus Plugin <= 1.0.2 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ajitae Google Plus google-plus-google allows Reflected XSS.This issue affects Google Plus: from n/a through <= 1.0.2.
8.1
CVE-2025-23952 - WordPress Custom Field List Widget Plugin <= 1.5.1 - Local File Inclusion vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ntm custom-field-list-widget custom-field-list-widget allows PHP Local File Inclusion.This issue affects custom-field-list-widget: from n/a through <= 1.5.1.
8.1
CVE-2025-23937 - WordPress LinkedIn Lite Plugin <= 1.0 - Local File Inclusion vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Alex Furr LinkedIn Lite linkedin-lite allows PHP Local File Inclusion.This issue affects LinkedIn Lite: from n/a through <= 1.0.
7.1
CVE-2025-23735 - WordPress Infugrator plugin <= 1.0.3 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Cosmin Schiopu Infugrator infugrator allows Reflected XSS.This issue affects Infugrator: from n/a through <= 1.0.3.
7.1
CVE-2025-23728 - WordPress AuMenu plugin <= 1.1.5 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in atelierhyper AuMenu aumenu allows Reflected XSS.This issue affects AuMenu: from n/a through <= 1.1.5.
7.1
CVE-2025-23714 - WordPress AppReview plugin <= 0.2.9 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in podspod AppReview appreview allows Reflected XSS.This issue affects AppReview: from n/a through <= 0.2.9.
7.1
CVE-2025-23704 - WordPress Your Lightbox plugin <= 1.0 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Reuven Karasik Your Lightbox your-lightbox allows Reflected XSS.This issue affects Your Lightbox: from n/a through <= 1.0.