5.3
CVE-2025-24600 - WordPress RSVPMaker plugin <= 11.4.5 - Broken Access Control vulnerability
Missing Authorization vulnerability in davidfcarr RSVPMarker rsvpmaker.This issue affects RSVPMarker : from n/a through <= 11.4.5.
7.1
CVE-2025-24593 - WordPress Edwiser Bridge plugin <= 3.0.8 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WisdmLabs Edwiser Bridge edwiser-bridge allows Reflected XSS.This issue affects Edwiser Bridge: from n/a through <= 3.0.8.
5.3
CVE-2025-24590 - WordPress picu β Online Photo Proofing Gallery plugin <= 2.4.0 - Broken Access Control vulnerability
Missing Authorization vulnerability in picu picu picu allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects picu: from n/a through <= 2.4.0.
4.3
CVE-2025-24540 - WordPress Website Builder by SeedProd plugin <= 6.18.9 - Cross Site Request Forgery (CSRF) vulnerabβ¦
Cross-Site Request Forgery (CSRF) vulnerability in SeedProd Coming Soon Page, Under Construction & Maintenance Mode by SeedProd coming-soon allows Cross Site Request Forgery.This issue affects Coming Soon Page, Under Construction & Maintenance Mode by SeedProd: from n/a through <= 6.18.9.
5.4
CVE-2025-24538 - WordPress BuddyPress Groups Extras plugin <= 3.6.10 - Cross Site Request Forgery (CSRF) vulnerabiliβ¦
Cross-Site Request Forgery (CSRF) vulnerability in Slava Abakumov BuddyPress Groups Extras buddypress-groups-extras allows Cross Site Request Forgery.This issue affects BuddyPress Groups Extras: from n/a through <= 3.6.10.
5.4
CVE-2025-24537 - WordPress The Events Calendar plugin <= 6.7.0 - Cross Site Request Forgery (CSRF) vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in StellarWP The Events Calendar the-events-calendar allows Cross Site Request Forgery.This issue affects The Events Calendar: from n/a through <= 6.7.0.
5.4
CVE-2025-23849 - WordPress PAPERCITE plugin <= 0.5.18 - Broken Access Control vulnerability
Missing Authorization vulnerability in bpiwowar PAPERCITE papercite allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects PAPERCITE: from n/a through <= 0.5.18.
7.1
CVE-2025-23756 - WordPress LawPress plugin <= 1.4.5 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ivanchernyakov LawPress β Law Firm Website Management lawpress allows Reflected XSS.This issue affects LawPress β Law Firm Website Management: from n/a through <= 1.4.5.
7.1
CVE-2025-23754 - WordPress The Loops plugin <= 1.0.2 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ulrich Sossou The Loops the-loops allows Reflected XSS.This issue affects The Loops: from n/a through <= 1.0.2.
7.1
CVE-2025-23752 - WordPress CGD Arrange Terms plugin <= 1.1.3 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Clifton Griffin CGD Arrange Terms shopp-arrange allows Reflected XSS.This issue affects CGD Arrange Terms: from n/a through <= 1.1.3.