6.5
CVE-2025-23802 - WordPress WP-Revive Adserver Plugin <= 2.2.1 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in SteveSoehl WP-Revive Adserver wp-revive-adserver allows Stored XSS.This issue affects WP-Revive Adserver: from n/a through <= 2.2.1.
6.5
CVE-2025-23796 - WordPress Easy Portfolio plugin <= 1.3 - Stored Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Tushar Patel Easy Portfolio easy-portfolio allows Stored XSS.This issue affects Easy Portfolio: from n/a through <= 1.3.
6.5
CVE-2025-23791 - WordPress Horizontal Line Shortcode Plugin <= 1.0 - Stored Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in mikakaltoft Horizontal Line Shortcode horizontal-line-shortcode allows Stored XSS.This issue affects Horizontal Line Shortcode: from n/a through <= 1.0.
6.5
CVE-2025-23794 - WordPress wp_amaps Plugin <= 1.7 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in _rccoder_ wp_amaps wp-amaps allows Stored XSS.This issue affects wp_amaps: from n/a through <= 1.7.
7.6
CVE-2025-23780 - WordPress Easy Code Snippets Plugin <= 1.0.2 - SQL Injection vulnerability
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Alpha BPO Easy Code Snippets easy-code-snippets allows SQL Injection.This issue affects Easy Code Snippets: from n/a through <= 1.0.2.
4.3
CVE-2025-23785 - WordPress AI Responsive Gallery Album plugin <= 1.4 - Broken Access Control vulnerability
Missing Authorization vulnerability in August Infotech AI Responsive Gallery Album ai-responsive-gallery-album allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects AI Responsive Gallery Album: from n/a through <= 1.4.
5.4
CVE-2025-23778 - WordPress User Sync ActiveCampaign plugin <= 1.3.2 - Broken Access Control vulnerability
Missing Authorization vulnerability in Pravin Durugkar User Sync ActiveCampaign registered-user-sync-activecampaign allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects User Sync ActiveCampaign: from n/a through <= 1.3.2.
7.6
CVE-2025-23779 - WordPress ResAds Plugin <= 2.0.5 - SQL Injection vulnerability
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in web-mv ResAds resads allows SQL Injection.This issue affects ResAds: from n/a through <= 2.0.5.
6.5
CVE-2025-23777 - WordPress GDPR Personal Data Reports Plugin <= 1.0.5 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in willowsconsulting GDPR Personal Data Reports gdpr-personal-data-reports allows Stored XSS.This issue affects GDPR Personal Data Reports: from n/a through <= 1.0.5.
6.5
CVE-2025-23772 - WordPress imaGenius Plugin <= 1.7 - Stored Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Eugenio Petullaβ imaGenius imagenius allows Stored XSS.This issue affects imaGenius: from n/a through <= 1.7.