| CVE-2025-58853 | Cross-Site Request Forgery (CSRF) vulnerability in OTWthemes Popping Sidebars and Widgets Light allows Reflected XSS. This issue affects Popping Sidebars and Widgets Light: from n/a through 1.27. | high |
| CVE-2025-58852 | Cross-Site Request Forgery (CSRF) vulnerability in Mark O'Donnell MSTW League Manager allows Stored XSS. This issue affects MSTW League Manager: from n/a through 2.10. | high |
| CVE-2025-58851 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in DigitalCourt Boxed Content allows Stored XSS. This issue affects Boxed Content: from n/a through 1.0. | medium |
| CVE-2025-58850 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in marcshowpass Showpass WordPress Extension allows Stored XSS. This issue affects Showpass WordPress Extension: from n/a through 4.0.3. | medium |
| CVE-2025-58849 | Cross-Site Request Forgery (CSRF) vulnerability in Deepak S Hide Real Download Path allows Stored XSS. This issue affects Hide Real Download Path: from n/a through 1.6. | high |
| CVE-2025-58848 | Cross-Site Request Forgery (CSRF) vulnerability in aakash1911 WP likes allows Reflected XSS. This issue affects WP likes: from n/a through 3.1.1. | high |
| CVE-2025-58847 | Cross-Site Request Forgery (CSRF) vulnerability in Yaidier WN Flipbox Pro allows Reflected XSS. This issue affects WN Flipbox Pro: from n/a through 2.1. | high |
| CVE-2025-58846 | Cross-Site Request Forgery (CSRF) vulnerability in Dejan Markovic WordPress Buffer – HYPESocial. Social Media Auto Post, Social Media Auto Publish and Schedule allows Reflected XSS. This issue affects WordPress Buffer – HYPESocial. Social Media Auto Post, Social Media Auto Publish and Schedule: from n/a through 2020.1.0. | high |
| CVE-2025-58845 | Cross-Site Request Forgery (CSRF) vulnerability in ChrisHurst Bulk Watermark allows Reflected XSS. This issue affects Bulk Watermark: from n/a through 1.6.10. | high |
| CVE-2025-58844 | Cross-Site Request Forgery (CSRF) vulnerability in Subhash Kumar Database to Excel allows Stored XSS. This issue affects Database to Excel: from n/a through 1.0. | high |
| CVE-2025-58843 | Cross-Site Request Forgery (CSRF) vulnerability in David Merinas Auto Last Youtube Video allows Stored XSS. This issue affects Auto Last Youtube Video: from n/a through 1.0.7. | high |
| CVE-2025-58842 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in givecloud Donation Forms WP by Givecloud allows Stored XSS. This issue affects Donation Forms WP by Givecloud: from n/a through 1.0.9. | medium |
| CVE-2025-58841 | Incorrect Privilege Assignment vulnerability in John Luetke Media Author allows Privilege Escalation. This issue affects Media Author: from n/a through 1.0.4. | medium |
| CVE-2025-58840 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ibnul H. Custom Team Manager allows Stored XSS. This issue affects Custom Team Manager: from n/a through 2.4.2. | medium |
| CVE-2025-58839 | Deserialization of Untrusted Data vulnerability in aThemeArt Translations eDS Responsive Menu allows Object Injection. This issue affects eDS Responsive Menu: from n/a through 1.2. | high |
| CVE-2025-58838 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Zakir Smooth Accordion allows Stored XSS. This issue affects Smooth Accordion: from n/a through 2.1. | medium |
| CVE-2025-58837 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Shiful H SS Font Awesome Icon allows Stored XSS. This issue affects SS Font Awesome Icon: from n/a through 4.1.3. | medium |
| CVE-2025-58836 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Tikolan FW Anker allows Stored XSS. This issue affects FW Anker: from n/a through 1.2.6. | medium |
| CVE-2025-58835 | Improper Validation of Specified Quantity in Input vulnerability in calliko Bonus for Woo allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Bonus for Woo: from n/a through 7.4.1. | medium |
| CVE-2025-58834 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in gugu short.io allows DOM-Based XSS. This issue affects short.io: from n/a through 2.4.0. | medium |
| CVE-2025-58833 | Cross-Site Request Forgery (CSRF) vulnerability in INVELITY Invelity MyGLS connect allows Object Injection. This issue affects Invelity MyGLS connect: from n/a through 1.1.1. | high |
| CVE-2025-58832 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in webvitaly Search by Google allows Stored XSS. This issue affects Search by Google: from n/a through 1.9. | medium |
| CVE-2025-58831 | Cross-Site Request Forgery (CSRF) vulnerability in snagysandor Parallax Scrolling Enllax.js allows Cross Site Request Forgery. This issue affects Parallax Scrolling Enllax.js: from n/a through 0.0.6. | medium |
| CVE-2025-58830 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in snagysandor Parallax Scrolling Enllax.js allows Stored XSS. This issue affects Parallax Scrolling Enllax.js: from n/a through 0.0.6. | medium |
| CVE-2025-58829 | Server-Side Request Forgery (SSRF) vulnerability in aitool Ai Auto Tool Content Writing Assistant (Gemini Writer, ChatGPT ) All in One allows Server Side Request Forgery. This issue affects Ai Auto Tool Content Writing Assistant (Gemini Writer, ChatGPT ) All in One: from n/a through 2.2.6. | medium |
| CVE-2025-58828 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in codemstory 코드엠샵 소셜톡 allows Stored XSS. This issue affects 코드엠샵 소셜톡: from n/a through 1.2.1. | medium |
| CVE-2025-58827 | Improper Control of Generation of Code ('Code Injection') vulnerability in PickPlugins Job Board Manager allows Code Injection. This issue affects Job Board Manager: from n/a through 2.1.61. | low |
| CVE-2025-58826 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Eric Mann WP Publication Archive allows Stored XSS. This issue affects WP Publication Archive : from n/a through 3.0.1. | medium |
| CVE-2025-58825 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Habibur Rahman Comment Form WP – Customize Default Comment Form allows Stored XSS. This issue affects Comment Form WP – Customize Default Comment Form: from n/a through 2.0.0. | medium |
| CVE-2025-58824 | Missing Authorization vulnerability in webriti Shk Corporate allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Shk Corporate: from n/a through 2.4.1.1. | medium |
| CVE-2025-58823 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in The African Boss Get Cash allows Stored XSS. This issue affects Get Cash: from n/a through 3.2.2. | medium |
| CVE-2025-58822 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in mndpsingh287 WP Mail allows DOM-Based XSS. This issue affects WP Mail: from n/a through 1.3. | medium |
| CVE-2025-58821 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wpdever WP Notification Bell allows Stored XSS. This issue affects WP Notification Bell: from n/a through 1.4.5. | medium |
| CVE-2025-58820 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Themepoints Carousel Ultimate allows Stored XSS. This issue affects Carousel Ultimate: from n/a through 1.8. | medium |
| CVE-2025-58819 | Unrestricted Upload of File with Dangerous Type vulnerability in CreedAlly Bulk Featured Image allows Upload a Web Shell to a Web Server. This issue affects Bulk Featured Image: from n/a through 1.2.2. | critical |
| CVE-2025-58818 | Cross-Site Request Forgery (CSRF) vulnerability in SwiftNinjaPro Developer Tools Blocker allows Cross Site Request Forgery. This issue affects Developer Tools Blocker: from n/a through 3.2.1. | medium |
| CVE-2025-58817 | Missing Authorization vulnerability in DesertThemes SoftMe allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects SoftMe: from n/a through 1.1.24. | medium |
| CVE-2025-58816 | Missing Authorization vulnerability in Plugin Devs Product Carousel Slider for Elementor allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Product Carousel Slider for Elementor: from n/a through 2.1.3. | low |
| CVE-2025-58815 | Deserialization of Untrusted Data vulnerability in Rubel Miah Aitasi Coming Soon allows Object Injection. This issue affects Aitasi Coming Soon: from n/a through 2.0.2. | high |
| CVE-2025-58814 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ram Ratan Maurya Stagtools allows Stored XSS. This issue affects Stagtools: from n/a through 2.3.8. | medium |
| CVE-2025-58813 | Missing Authorization vulnerability in ThemeArile Consultstreet allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Consultstreet: from n/a through 3.0.0. | medium |
| CVE-2025-58812 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in PriceListo Best Restaurant Menu by PriceListo allows Stored XSS. This issue affects Best Restaurant Menu by PriceListo: from n/a through 1.4.3. | medium |
| CVE-2025-58811 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WP CodeUs Ultimate Client Dash allows Stored XSS. This issue affects Ultimate Client Dash: from n/a through 4.6. | medium |
| CVE-2025-58810 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in jimmywb Simple Link List Widget allows Stored XSS. This issue affects Simple Link List Widget: from n/a through 0.3.2. | medium |
| CVE-2025-58809 | Cross-Site Request Forgery (CSRF) vulnerability in Nick Ciske To Lead For Salesforce allows Reflected XSS. This issue affects To Lead For Salesforce: from n/a through 2.7.3.9. | high |
| CVE-2025-58808 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Babar prettyPhoto allows Stored XSS. This issue affects prettyPhoto: from n/a through 1.2.4. | medium |
| CVE-2025-58807 | Cross-Site Request Forgery (CSRF) vulnerability in Dsingh Purge Varnish Cache allows Stored XSS. This issue affects Purge Varnish Cache: from n/a through 2.6. | high |
| CVE-2025-58806 | Cross-Site Request Forgery (CSRF) vulnerability in imjoehaines WordPress Error Monitoring by Bugsnag allows Stored XSS. This issue affects WordPress Error Monitoring by Bugsnag: from n/a through 1.6.3. | high |
| CVE-2025-58805 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in OTWthemes Widgetize Pages Light allows Stored XSS. This issue affects Widgetize Pages Light: from n/a through 3.0. | medium |
| CVE-2025-58804 | Cross-Site Request Forgery (CSRF) vulnerability in brijrajs WooCommerce Single Page Checkout allows Cross Site Request Forgery. This issue affects WooCommerce Single Page Checkout: from n/a through 1.2.7. | medium |
