CVE-2025-23603

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in MohammadJafar Khajeh Group category creator group-category-creator allows Reflected XSS.This issue affects Group category creator: from n/a through = 1.3.0.3...

CVE-2025-23634

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in codehandling Youtube Video Grid youmax-channel-embeds-for-youtube-businesses allows Reflected XSS.This issue affects Youtube Video Grid: from n/a through = 1.9...

CVE-2025-23931

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Oliver Fuhrmann WordPress Local SEO dh-local-seo allows Blind SQL Injection.This issue affects WordPress Local SEO: from n/a through = 2.3...

CVE-2025-23706

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in milordk Jet Skinner for BuddyPress jet-skinner-for-buddypress allows Reflected XSS.This issue affects Jet Skinner for BuddyPress: from n/a through = 1.2.5...

CVE-2025-23622

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Sabuj Kundu CBX Accounting & Bookkeeping cbxwpsimpleaccounting allows Reflected XSS.This issue affects CBX Accounting & Bookkeeping: from n/a through = 1.3.14...

CVE-2025-23604

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Maeve Lander Rezdy Reloaded reloaded-rezdy allows Stored XSS.This issue affects Rezdy Reloaded: from n/a through = 1.0.1...

CVE-2025-23811

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in ghasemy14 WP2APP wp2appir allows Reflected XSS.This issue affects WP2APP: from n/a through = 2.6.2...

CVE-2025-23730

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in flx0 FLX Dashboard Groups flx-dashboard-groups allows Reflected XSS.This issue affects FLX Dashboard Groups: from n/a through = 0.0.7...

CVE-2025-23910

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in keighl Menus Plus+ menus-plus allows SQL Injection.This issue affects Menus Plus+: from n/a through = 1.9.6...

CVE-2025-23631

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Sarah Lewis Content Planner content-planner allows Reflected XSS.This issue affects Content Planner: from n/a through = 1.0...

CVE-2025-23774

Insertion of Sensitive Information Into Sent Data vulnerability in Niket Joshi WPDB to Sql wpdb-to-sql allows Retrieve Embedded Sensitive Data.This issue affects WPDB to Sql: from n/a through = 1.2...

CVE-2025-23495

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Chetan Khandla WooCommerce Order Search woocommerce-order-searching allows Reflected XSS.This issue affects WooCommerce Order Search: from n/a through = 1.1.0...

CVE-2025-23837

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in martinjuhasz One Backend Language one-backend-language allows Reflected XSS.This issue affects One Backend Language: from n/a through = 1.0...

CVE-2025-23882

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in misanthrop WP Download Codes wp-download-codes allows Reflected XSS.This issue affects WP Download Codes: from n/a through = 2.5.4...

CVE-2025-22772

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in stephanemartinw Mapbox for WP Advanced mapbox-for-wp-advanced allows Reflected XSS.This issue affects Mapbox for WP Advanced: from n/a through = 1.0.0...

CVE-2025-22513

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Kyle Phillips Simple Locator simple-locator allows Reflected XSS.This issue affects Simple Locator: from n/a through = 2.0.4...

CVE-2025-22553

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in dhananjaysingh Multiple Carousel multicarousel allows SQL Injection.This issue affects Multiple Carousel: from n/a through = 2.0...

CVE-2025-22322

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in DeluxeThemes Private Messages for UserPro userpro-messaging allows Reflected XSS.This issue affects Private Messages for UserPro: from n/a through = 4.10.0...

CVE-2024-49666

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in reputeinfosystems ARPrice arprice allows SQL Injection.This issue affects ARPrice: from n/a through = 4.1.3...

CVE-2024-49688

Deserialization of Untrusted Data vulnerability in reputeinfosystems ARPrice arprice allows Object Injection.This issue affects ARPrice: from n/a through = 4.1.3...