7.2
CVE-2024-52500 - WordPress Monetag Official Plugin plugin <= 1.1.3 - Broken Access Control vulnerability
Missing Authorization vulnerability in monetagwp Monetag Official Plugin monetag-official allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Monetag Official Plugin: from n/a through <= 1.1.3.
7.1
CVE-2025-24692 - WordPress Bulk Menu Edit plugin <= 1.3 - Broken Access Control vulnerability
Missing Authorization vulnerability in M.Code Bulk Menu Edit bulk-menu-edit allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Bulk Menu Edit: from n/a through <= 1.3.
7.1
CVE-2025-24688 - WordPress WP Mailster Plugin <= 1.8.20.0 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in brandtoss WP Mailster wp-mailster allows Reflected XSS.This issue affects WP Mailster: from n/a through <= 1.8.20.0.
7.1
CVE-2025-24700 - WordPress WP Event Aggregator Plugin <= 1.8.2 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Xylus Themes WP Event Aggregator wp-event-aggregator allows Reflected XSS.This issue affects WP Event Aggregator: from n/a through <= 1.8.2.
7.1
CVE-2025-24699 - WordPress WP Coder Plugin <= 3.6 - CSRF to Cross Site Scripting (XSS) vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in Wow-Company WP Coder wp-coder allows Cross-Site Scripting (XSS).This issue affects WP Coder: from n/a through <= 3.6.
7.1
CVE-2025-24641 - WordPress Better WishList API plugin <= 1.1.3 - Stored Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in rickonline_nl Better WishList API better-wlm-api allows Stored XSS.This issue affects Better WishList API: from n/a through <= 1.1.3.
7.1
CVE-2025-24617 - WordPress AcyMailing Plugin < 9.11.1 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in AcyMailing Newsletter Team AcyMailing SMTP Newsletter acymailing allows Reflected XSS.This issue affects AcyMailing SMTP Newsletter: from n/a through < 9.11.1.
7.1
CVE-2025-24616 - WordPress Uix Page Builder Plugin <= 1.7.3 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in UIUX Lab Uix Page Builder uix-page-builder allows Reflected XSS.This issue affects Uix Page Builder: from n/a through <= 1.7.3.
7.1
CVE-2025-24615 - WordPress Analytics Cat Plugin <= 1.1.2 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in fatcatapps Analytics Cat analytics-cat allows Reflected XSS.This issue affects Analytics Cat: from n/a through <= 1.1.2.
7.1
CVE-2025-24614 - WordPress Post Timeline Plugin <= 2.3.9 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Agile Logix Post Timeline post-timeline allows Reflected XSS.This issue affects Post Timeline: from n/a through <= 2.3.9.