7.1
CVE-2025-23752 - WordPress CGD Arrange Terms plugin <= 1.1.3 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Clifton Griffin CGD Arrange Terms shopp-arrange allows Reflected XSS.This issue affects CGD Arrange Terms: from n/a through <= 1.1.3.
6.5
CVE-2025-23669 - WordPress WP Smart Tooltip plugin <= 1.0.0 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Nurul Amin WP Smart Tooltip wp-smart-tool-tip allows Stored XSS.This issue affects WP Smart Tooltip: from n/a through <= 1.0.0.
6.5
CVE-2025-23656 - WordPress Donate visa plugin <= 1.0.0 - Stored Cross Site Scripting (XSS) vulnerability
Missing Authorization vulnerability in Saul Morales Pacheco Donate visa donate-visa allows Stored XSS.This issue affects Donate visa: from n/a through <= 1.0.0.
7.1
CVE-2025-23574 - WordPress CubePM plugin <= 1.0 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Jonathan Lau CubePM cubepm allows Reflected XSS.This issue affects CubePM: from n/a through <= 1.0.
7.1
CVE-2025-23531 - WordPress RSVPMaker Volunteer Roles plugin <= 1.5.1 - Reflected Cross Site Scripting (XSS) vulnerabβ¦
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in davidfcarr RSVPMaker Volunteer Roles rsvpmaker-volunteer-roles allows Reflected XSS.This issue affects RSVPMaker Volunteer Roles: from n/a through <= 1.5.1.
6.5
CVE-2025-23529 - WordPress Minterpress plugin <= 1.0.5 - Arbitrary Content Deletion vulnerability
Missing Authorization vulnerability in blokhauswp Minterpress minterpress allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Minterpress: from n/a through <= 1.0.5.
7.1
CVE-2025-22513 - WordPress Simple Locator Plugin <= 2.0.4 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Kyle Phillips Simple Locator simple-locator allows Reflected XSS.This issue affects Simple Locator: from n/a through <= 2.0.4.
4.3
CVE-2025-24754 - WordPress Houzez theme <= 3.4.0 - Broken Access Control vulnerability
Missing Authorization vulnerability in favethemes Houzez houzez.This issue affects Houzez: from n/a through <= 3.4.0.
8.1
CVE-2025-24685 - WordPress Morkva UA Shipping plugin <= 1.0.18 - Local File Inclusion vulnerability
Path Traversal: '.../...//' vulnerability in Ihor Kit Morkva UA Shipping morkva-ua-shipping allows PHP Local File Inclusion.This issue affects Morkva UA Shipping: from n/a through <= 1.0.18.
9.3
CVE-2025-24664 - WordPress LTL Freight Quotes Plugin <= 5.0.20 - SQL Injection vulnerability
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in enituretechnology LTL Freight Quotes β Worldwide Express Edition ltl-freight-quotes-worldwide-express-edition allows SQL Injection.This issue affects LTL Freight Quotes β Worldwide Express Edition:β¦