7.1
CVE-2025-68842 - WordPress Widget Logic Visual plugin <= 1.52 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in totalbounty Widget Logic Visual widget-logic-visual allows Reflected XSS.This issue affects Widget Logic Visual: from n/a through <= 1.52.
7.5
CVE-2025-68841 - WordPress TopperPack β Complete Elementor Addons, theme & CPT Builder plugin <= 1.2.1 - Local File β¦
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Themepul TopperPack β Complete Elementor Addons, Theme & CPT Builder topper-pack allows PHP Local File Inclusion.This issue affects TopperPack β Complete Elementor Addons, Thβ¦
6.5
CVE-2025-68837 - WordPress ELEX WordPress HelpDesk & Customer Ticketing System plugin <= 3.3.5 - Broken Access Contrβ¦
Missing Authorization vulnerability in ELEXtensions ELEX WordPress HelpDesk & Customer Ticketing System elex-helpdesk-customer-support-ticket-system allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects ELEX WordPress HelpDesk & Customer Ticketing System: from nβ¦
7.5
CVE-2025-68834 - WordPress Sync Master Sheet β Product Sync with Google Sheet for WooCommerce plugin <= 1.1.3 - Brokβ¦
Missing Authorization vulnerability in Saiful Islam Sync Master Sheet β Product Sync with Google Sheet for WooCommerce product-sync-master-sheet allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Sync Master Sheet β Product Sync with Google Sheet for WooCommeβ¦
6.5
CVE-2025-68564 - WordPress Sendy plugin <= 3.4.2 - Broken Access Control vulnerability
Missing Authorization vulnerability in sendy Sendy sendy allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Sendy: from n/a through <= 3.4.2.
7.5
CVE-2025-68552 - WordPress WooCommerce Coming Soon Product with Countdown plugin <= 5.0 - Local File Inclusion vulneβ¦
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in WebCodingPlace WooCommerce Coming Soon Product with Countdown woo-coming-soon-product allows PHP Local File Inclusion.This issue affects WooCommerce Coming Soon Product with Counβ¦
9.9
CVE-2025-68549 - WordPress Wiguard theme < 2.0.1 - Arbitrary File Upload vulnerability
Unrestricted Upload of File with Dangerous Type vulnerability in zozothemes Wiguard wiguard allows Upload a Web Shell to a Web Server.This issue affects Wiguard: from n/a through < 2.0.1.
8.1
CVE-2025-68545 - WordPress Nika theme <= 1.2.14 - Local File Inclusion vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in thembay Nika nika allows PHP Local File Inclusion.This issue affects Nika: from n/a through <= 1.2.14.
8.1
CVE-2025-68543 - WordPress Diza theme <= 1.3.15 - Local File Inclusion vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in thembay Diza diza allows PHP Local File Inclusion.This issue affects Diza: from n/a through <= 1.3.15.
6.5
CVE-2025-68542 - WordPress Checkout Gateway for IRIS plugin <= 1.3 - Broken Access Control vulnerability
Missing Authorization vulnerability in vgdevsolutions Checkout Gateway for IRIS checkout-gateway-iris allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Checkout Gateway for IRIS: from n/a through <= 1.3.