6.5
CVE-2025-22329 - WordPress Free Google Maps plugin <= 1.0.1 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Agile Logix Free Google Maps wp-map allows Stored XSS.This issue affects Free Google Maps: from n/a through <= 1.0.1.
6.4
CVE-2025-22346 - WordPress Course Migration for LearnDash plugin 1.0.2 - Server Side Request Forgery (SSRF) vulnerabβ¦
Server-Side Request Forgery (SSRF) vulnerability in fzngagan Course Migration for LearnDash course-migration-for-learndash allows Server Side Request Forgery.This issue affects Course Migration for LearnDash: from n/a through 1.0.2.
6.5
CVE-2025-22587 - WordPress SEO Bulk Editor plugin <= 1.1.0 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Atanas Krachev SEO Bulk Editor seo-bulk-editor allows Stored XSS.This issue affects SEO Bulk Editor: from n/a through <= 1.1.0.
6.5
CVE-2025-22724 - WordPress Product Carousel For WooCommerce β WoorouSell plugin <= 1.1.0 - Cross Site Scripting (XSSβ¦
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in MojofyWP Product Carousel For WooCommerce β WoorouSell allows Stored XSS.This issue affects Product Carousel For WooCommerce β WoorouSell: from n/a through 1.1.0.
4.3
CVE-2025-22729 - WordPress VOD Infomaniak plugin <= 1.5.9 - Broken Access Control vulnerability
Missing Authorization vulnerability in Infomaniak Network VOD Infomaniak vod-infomaniak allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects VOD Infomaniak: from n/a through <= 1.5.9.
4.3
CVE-2025-22731 - WordPress Build Private Store For Woocommerce plugin <= 1.0 - Cross Site Request Forgery (CSRF) vulβ¦
Cross-Site Request Forgery (CSRF) vulnerability in silverplugins217 Build Private Store For Woocommerce build-private-store-for-woocommerce allows Cross Site Request Forgery.This issue affects Build Private Store For Woocommerce: from n/a through <= 1.0.
5.9
CVE-2025-22734 - WordPress Posts Footer Manager Plugin <= 2.1.0 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Data443 Risk Mitigation, Inc. Posts Footer Manager intelly-posts-footer-manager allows Stored XSS.This issue affects Posts Footer Manager: from n/a through <= 2.1.0.
8.8
CVE-2025-22736 - WordPress User Management plugin <= 1.2 - Privilege Escalation vulnerability
Incorrect Privilege Assignment vulnerability in Saad Iqbal User Management user-management allows Privilege Escalation.This issue affects User Management: from n/a through <= 1.2.
5.3
CVE-2025-22737 - WordPress WpTravelly Plugin <= 1.8.5 - Broken Access Control vulnerability
Missing Authorization vulnerability in magepeopleteam WpTravelly tour-booking-manager allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects WpTravelly: from n/a through <= 1.8.5.
5.9
CVE-2025-22738 - WordPress WP ULike plugin <= 4.7.6 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Alimir WP ULike wp-ulike allows Stored XSS.This issue affects WP ULike: from n/a through <= 4.7.6.