0.0
CVE-2025-23921 - WordPress Multi Uploader for Gravity Forms plugin <= 1.1.3 - Arbitrary File Upload vulnerability
Unrestricted Upload of File with Dangerous Type vulnerability in sh1zen Multi Uploader for Gravity Forms gf-multi-uploader allows Upload a Web Shell to a Web Server.This issue affects Multi Uploader for Gravity Forms: from n/a through <= 1.1.3.
0.0
CVE-2025-23918 - WordPress Smallerik File Browser plugin <= 1.1 - Arbitrary File Upload vulnerability
Unrestricted Upload of File with Dangerous Type vulnerability in Enrico Sandoli Smallerik File Browser smallerik-file-browser allows Upload a Web Shell to a Web Server.This issue affects Smallerik File Browser: from n/a through <= 1.1.
0.0
CVE-2025-23910 - WordPress Menus Plus+ Plugin <= 1.9.6 - SQL Injection vulnerability
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in keighl Menus Plus+ menus-plus allows SQL Injection.This issue affects Menus Plus+: from n/a through <= 1.9.6.
0.0
CVE-2025-23874 - WordPress WP Block Pack plugin <= 1.1.6 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in FalconTheme Team WP Block Pack wp-block-pack allows Reflected XSS.This issue affects WP Block Pack: from n/a through <= 1.1.6.
0.0
CVE-2025-23867 - WordPress WordPress File Search Plugin <= 1.2 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in markcoker WordPress File Search wpfilesearch allows Reflected XSS.This issue affects WordPress File Search: from n/a through <= 1.2.
0.0
CVE-2025-23866 - WordPress EU DSGVO Helper Plugin <= 1.0.6.1 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in E. Marten EU DSGVO Helper dsgvo allows Reflected XSS.This issue affects EU DSGVO Helper: from n/a through <= 1.0.6.1.
0.0
CVE-2025-23811 - WordPress WP2APP Plugin <= 2.6.2 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ghasemy14 WP2APP wp2appir allows Reflected XSS.This issue affects WP2APP: from n/a through <= 2.6.2.
0.0
CVE-2025-23806 - WordPress Ultimate Subscribe Plugin <=1.3 - CSRF to Reflected Cross Site Scripting (XSS) vulnerabilβ¦
Cross-Site Request Forgery (CSRF) vulnerability in ThemeFarmer Ultimate Subscribe ultimate-subscribe allows Reflected XSS.This issue affects Ultimate Subscribe: from n/a through <= 1.3.
0.0
CVE-2025-23803 - WordPress Snippy Plugin <= 1.4.1 - CSRF to Cross Site Scripting (XSS) vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in Rik Schennink Snippy snippy allows Reflected XSS.This issue affects Snippy: from n/a through <= 1.4.1.
6.1
CVE-2025-23798 - WordPress Mass Messaging in BuddyPress Plugin <= 2.2.1 - Reflected Cross Site Scripting (XSS) vulneβ¦
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ElbowRobo Mass Messaging in BuddyPress mass-messaging-in-buddypress allows Reflected XSS.This issue affects Mass Messaging in BuddyPress: from n/a through <= 2.2.1.