7.1
CVE-2025-24554 - WordPress AWcode Toolkit plugin <= 1.0.14 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in awcode AWcode Toolkit awcode-toolkit allows Reflected XSS.This issue affects AWcode Toolkit: from n/a through <= 1.0.14.
7.1
CVE-2025-23857 - WordPress Essential WP Real Estate Plugin <= 1.1.3 - Reflected Cross Site Scripting (XSS) vulnerabiβ¦
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in SmartDataSoft Essential WP Real Estate essential-wp-real-estate allows Reflected XSS.This issue affects Essential WP Real Estate: from n/a through <= 1.1.3.
7.1
CVE-2025-23853 - WordPress NoFollow Free plugin <= 1.6.3 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in michelem NoFollow Free nofollow-free allows Reflected XSS.This issue affects NoFollow Free: from n/a through <= 1.6.3.
7.1
CVE-2025-23851 - WordPress Coronavirus (COVID-19) Outbreak Data Widgets Plugin <= 1.1.1 - Reflected Cross Site Scripβ¦
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Khushwant Singh Coronavirus (COVID-19) Outbreak Data Widgets coronavirus-data-widgets allows Reflected XSS.This issue affects Coronavirus (COVID-19) Outbreak Data Widgets: from n/a through <= 1.1.1.
7.1
CVE-2025-23790 - WordPress Easy Code Placement Plugin <= 18.11 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wassereimer Easy Code Placement easy-code-placement allows Reflected XSS.This issue affects Easy Code Placement: from n/a through <= 18.11.
7.1
CVE-2025-23789 - WordPress URL Shortener WooCommerce Plugin <= 9.0.2 - Reflected Cross Site Scripting (XSS) vulnerabβ¦
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in tahminajannat URL Shortener | Conversion Tracking | AB Testing | WooCommerce easy-broken-link-checker allows Reflected XSS.This issue affects URL Shortener | Conversion Tracking | AB Testing | β¦
7.1
CVE-2025-23788 - WordPress Easy Filter Plugin <= 1.10 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Roni Saha Easy Filter easy-filter allows Reflected XSS.This issue affects Easy Filter: from n/a through <= 1.10.
7.1
CVE-2025-23787 - WordPress Easy Bet Plugin <= 1.0.7 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Foxskav Easy Bet easy-bet allows Reflected XSS.This issue affects Easy Bet: from n/a through <= 1.0.7.
7.1
CVE-2025-23786 - WordPress Email to Download Plugin <= 3.1.0 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in DuoGeek Email to Download email-to-download allows Reflected XSS.This issue affects Email to Download: from n/a through <= 3.1.0.
6.5
CVE-2025-23771 - WordPress Push Notification for Post and BuddyPress plugin <= 2.11 - Settings Change vulnerability
Missing Authorization vulnerability in Murali Push Notification for Post and BuddyPress push-notification-for-post-and-buddypress allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Push Notification for Post and BuddyPress: from n/a through <= 2.11.