CVE-2025-58025 WordPress Master Slider Plugin <= 3.11.0 - Cross Site Scripting (XSS) Vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in averta Master Slider master-slider allows Stored XSS.This issue affects Master Slider: from n/a through = 3.11.0...

CVE-2025-58030 WordPress Page-list Plugin <= 5.8 - Cross Site Scripting (XSS) Vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in webvitaly Page-list page-list allows Stored XSS.This issue affects Page-list: from n/a through = 5.8...

CVE-2025-58031

CVE-2025-58031 corresponds to a Stored Cross-Site Scripting vulnerability in the Nextend Facebook Connect plugin for WordPress. Affected versions are Nextend Facebook Connect up to 3.1.19, with root cause described as Improper Neutralization of Input During Web Page Generation. The connected Word...

CVE-2025-58219 WordPress Show Pages List Plugin <= 1.2.0 - Cross Site Request Forgery (CSRF) Vulnerability

Cross-Site Request Forgery CSRF vulnerability in LIJE Show Pages List show-pages-list allows Cross Site Request Forgery.This issue affects Show Pages List: from n/a through = 1.2.0...

CVE-2025-58233

CVE-2025-58233 describes a DOM-based XSS vulnerability in Guaven Labs SQL Chart Builder. Affected: SQL Chart Builder versions up to 2.3.7.2 (no fixed version specified in the documents beyond that). The issue is an input handling problem during web page generation that can lead to Cross-Site Scri...

CVE-2025-58235 WordPress Front End Users plugin <= 3.2.35 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Rustaurius Front End Users front-end-only-users allows Stored XSS.This issue affects Front End Users: from n/a through = 3.2.35...

CVE-2025-58239 WordPress WP Category Dropdown Plugin <= 1.9 - Cross Site Scripting (XSS) Vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Chandrika Sista WP Category Dropdown wp-category-dropdown allows Stored XSS.This issue affects WP Category Dropdown: from n/a through = 1.9...

CVE-2025-58239 WordPress WP Category Dropdown Plugin <= 1.9 - Cross Site Scripting (XSS) Vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Chandrika Sista WP Category Dropdown wp-category-dropdown allows Stored XSS.This issue affects WP Category Dropdown: from n/a through = 1.9...

CVE-2025-58247 WordPress TI WooCommerce Wishlist plugin <= 2.10.0 - Broken Access Control vulnerability

Missing Authorization vulnerability in templateinvaders TI WooCommerce Wishlist ti-woocommerce-wishlist allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects TI WooCommerce Wishlist: from n/a through = 2.10.0...

CVE-2025-58254 WordPress StylePress for Elementor Plugin <= 1.2.1 - Cross Site Scripting (XSS) Vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in dtbaker StylePress for Elementor full-site-builder-for-elementor allows Stored XSS.This issue affects StylePress for Elementor: from n/a through = 1.2.1...

CVE-2025-58258

CVE-2025-58258 is a Missing Authorization issue in the WordPress plugin Lazy Blocks (Custom Block Builder). Affected: Lazy Blocks versions 4.1.0 and earlier. Root cause per the document is improper access control that allows unauthorized actions due to configured security levels. The CVE is docum...

CVE-2025-58260

CVE-2025-58260 describes a Stored XSS vulnerability in the WordPress plugin Highlight and Share – Social Text and Image Sharing. The entry notes a Cross-Site Scripting issue via improper input neutralization in web page generation, affecting Highlight and Share from version n/a up to 5.1.1. The p...

CVE-2025-58264 WordPress JupiterX Core Plugin <= 4.11.0 - Cross Site Scripting (XSS) Vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in artbees JupiterX Core jupiterx-core allows Stored XSS.This issue affects JupiterX Core: from n/a through = 4.11.0...

CVE-2025-58263 WordPress BuddyPress Notification Widget Plugin <= 1.3.3 - Cross Site Scripting (XSS) Vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in BuddyDev BuddyPress Notification Widget buddypress-notifications-widget allows Stored XSS.This issue affects BuddyPress Notification Widget: from n/a through = 1.3.3...

CVE-2025-58265 WordPress Events Manager – OpenStreetMaps Plugin <= 4.2.1 - Cross Site Scripting (XSS) Vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Stonehenge Creations Events Manager – OpenStreetMaps stonehenge-em-osm allows Stored XSS.This issue affects Events Manager – OpenStreetMaps: from n/a through = 4.2.1...

CVE-2025-58270 WordPress NIX Anti-Spam Light Plugin <= 0.0.4 - Cross Site Request Forgery (CSRF) Vulnerability

Cross-Site Request Forgery CSRF vulnerability in NIX Solutions Ltd NIX Anti-Spam Light nix-anti-spam-light allows Cross Site Request Forgery.This issue affects NIX Anti-Spam Light: from n/a through = 0.0.4...

CVE-2025-58649 WordPress All In One SEO Pack Plugin <= 4.8.7.1 - Sensitive Data Exposure Vulnerability

Insertion of Sensitive Information Into Sent Data vulnerability in Syed Balkhi All In One SEO Pack all-in-one-seo-pack allows Retrieve Embedded Sensitive Data.This issue affects All In One SEO Pack: from n/a through = 4.8.7.1...

CVE-2025-58654

CVE-2025-58654 is a DOM-based XSS in the xili-language WordPress plugin (Michel - xiligroup dev xili-language), affecting versions up to 2.21.3. Root cause: improper neutralization of input during web page generation. The connected EUVD entry confirms xili-language context. No public details on e...

CVE-2025-58653 WordPress JSM file_get_contents() Shortcode Plugin <= 2.7.1 - Cross Site Scripting (XSS) Vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in JS Morisset JSM filegetcontents Shortcode wp-file-get-contents allows Stored XSS.This issue affects JSM filegetcontents Shortcode: from n/a through = 2.7.1...

CVE-2025-58672 WordPress WP User Frontend Plugin <= 4.1.12 - Broken Access Control Vulnerability

Missing Authorization vulnerability in weDevs WP User Frontend wp-user-frontend allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP User Frontend: from n/a through = 4.1.12...