15840 matches found
CVE-2025-57906 WordPress Epeken All Kurir Plugin <= 2.0.2 - Cross Site Scripting (XSS) Vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in epeken Epeken All Kurir allows Stored XSS. This issue affects Epeken All Kurir: from n/a through 2.0.2...
CVE-2025-57907 WordPress Heureka Plugin <= 1.1.0 - Broken Access Control Vulnerability
Missing Authorization vulnerability in Heureka Group Heureka allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Heureka: from n/a through 1.1.0...
CVE-2025-57910 WordPress AnyClip Luminous Studio Plugin <= 1.3.3 - Cross Site Scripting (XSS) Vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in AnyClip Video Platform AnyClip Luminous Studio anyclip-media allows Stored XSS. This issue affects AnyClip Luminous Studio: from n/a through <= 1.3.3...
CVE-2025-57920 WordPress Category Featured Images Extended Plugin <= 1.52 - Cross Site Scripting (XSS) Vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in CK MacLeod Category Featured Images Extended category-featured-images-extended allows Stored XSS. This issue affects Category Featured Images Extended: from n/a through <= 1.52...
CVE-2025-57923 WordPress UK Address Postcode Validation plugin <= 3.9.2 - Sensitive Data Exposure vulnerability
Insertion of Sensitive Information Into Sent Data vulnerability in Ideal Postcodes UK Address Postcode Validation uk-address-postcode-validation allows Retrieve Embedded Sensitive Data. This issue affects UK Address Postcode Validation: from n/a through <= 3.9.2...
CVE-2025-57928
CVE-2025-57928 affects AWP Classifieds (WordPress) up to version 4.3.5, enabling unauthenticated arbitrary shortcode execution due to improper handling of script/HTML tags. The Wordfence entry lists this as an unauthenticated vulnerability in AWP Classifieds with a CVSS v3.1 base score of 5.3 (Me...
CVE-2025-57929 WordPress Double the Donation Plugin <= 2.0.0 - Cross Site Scripting (XSS) Vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in kanweidoublethedonation Double the Donation double-the-donation allows Stored XSS. This issue affects Double the Donation: from n/a through <= 2.0.0...
CVE-2025-57930 WordPress Double the Donation Plugin <= 2.0.0 - Cross Site Request Forgery (CSRF) Vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in kanweidoublethedonation Double the Donation double-the-donation allows Cross Site Request Forgery. This issue affects Double the Donation: from n/a through <= 2.0.0...
CVE-2025-57938
CVE-2025-57938 describes a DOM-based Cross-Site Scripting vulnerability in the WordPress plugin Easy Hotel Booking (themename: Easy Hotel Booking) that is exploitable via improper input handling during web page generation. Affected version range is shown as “n/a through 1.6.9”; the CVSS vector (3...
CVE-2025-57945
CVE-2025-57945 is a Stored XSS vulnerability in WP Advanced PDF affecting WP Advanced PDF versions from n/a up to and including 1.1.7. The CVE is documented with a CVSS v3.1 base score of 5.9 (Medium) and an attack vector over the network, with user interaction required. The connected Wordfence ...
CVE-2025-57946 WordPress payOS plugin <= 1.0.73 - Cross Site Request Forgery (CSRF) vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in Loc Bui payOS payos allows Cross Site Request Forgery. This issue affects payOS: from n/a through <= 1.0.73...
CVE-2025-57952 WordPress Maps for WP Plugin <= 1.2.5 - Cross Site Scripting (XSS) Vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in icopydoc Maps for WP maps-for-wp allows Stored XSS. This issue affects Maps for WP: from n/a through <= 1.2.5...
CVE-2025-57961
CVE-2025-57961 affects CoDesigner (CoDesigner – All in One Elementor WooCommerce Builder) with Missing Authorization. According to connected Wordfence data, the vulnerability applies to CoDesigner versions up to 4.26 and is currently unpatched. The Initial Description lists the CVE as a Missing A...
CVE-2025-57977 WordPress Flexible PDF Invoices for WooCommerce & WordPress Plugin <= 6.0.13 - Cross Site Request Forgery (CSRF) Vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in wpdesk Flexible PDF Invoices for WooCommerce & WordPress flexible-invoices allows Cross Site Request Forgery. This issue affects Flexible PDF Invoices for WooCommerce & WordPress: from n/a through <= 6.0.13...
CVE-2025-57981 WordPress WP Social Widget Plugin <= 2.3.1 - Cross Site Scripting (XSS) Vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in catchsquare WP Social Widget wp-social-widget allows Stored XSS. This issue affects WP Social Widget: from n/a through <= 2.3.1...
CVE-2025-57986
CVE-2025-57986 corresponds to a Stored XSS in the WordPress plugin WP Subtitle. The vulnerability is described as Improper Neutralization of Input During Web Page Generation (XSS) affecting WP Subtitle versions from 0 through 3.4.1. The CVE details provided show a CVSS v3.1 base score of 6.5 with...
CVE-2025-57992
CVE-2025-57992: CSRF vulnerability in Mail Baby SMTP (InterServer) affects Mail Baby SMTP up to version 2.8. CVSS 3.1 base score 4.3 (Medium); attack vector: network; privileges: none; user interaction required. Public details in the provided documents are limited; connected sources do not add c...
CVE-2025-58001
CVE-2025-58001 is a Stored Cross-Site Scripting (XSS) vulnerability in the Compact Archives WordPress plugin (affected:
CVE-2025-58006 WordPress WP Gravity Forms Keap/Infusionsoft plugin <= 1.2.6 - Open Redirection vulnerability
URL Redirection to Untrusted Site 'Open Redirect' vulnerability in CRM Perks WP Gravity Forms Keap/Infusionsoft gf-infusionsoft allows Phishing. This issue affects WP Gravity Forms Keap/Infusionsoft: from n/a through <= 1.2.6...
CVE-2025-58010
Technical details beyond the initial description are not provided in the connected documents. The CSRF issue in SV Proven Expert for WordPress is described only at a high level; monitor for updates for affected versions and fixes.