9.8
CVE-2025-68541 - WordPress Ippsum theme <= 1.2.0 - PHP Object Injection vulnerability
Deserialization of Untrusted Data vulnerability in BoldThemes Ippsum ippsum allows Object Injection.This issue affects Ippsum: from n/a through <= 1.2.0.
8.1
CVE-2025-68539 - WordPress Fana theme <= 1.1.35 - Local File Inclusion vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in thembay Fana fana allows PHP Local File Inclusion.This issue affects Fana: from n/a through <= 1.1.35.
8.1
CVE-2025-68536 - WordPress Zota theme <= 1.3.14 - Local File Inclusion vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in thembay Zota zota allows PHP Local File Inclusion.This issue affects Zota: from n/a through <= 1.3.14.
6.5
CVE-2025-68534 - WordPress PDF for WPForms plugin <= 6.3.0 - Broken Access Control vulnerability
Missing Authorization vulnerability in add-ons.org PDF for WPForms pdf-for-wpforms allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects PDF for WPForms: from n/a through <= 6.3.0.
8.8
CVE-2025-68531 - WordPress ModelTheme Addons for WPBakery and Elementor plugin < 1.5.6 - PHP Object Injection vulnerβ¦
Deserialization of Untrusted Data vulnerability in modeltheme ModelTheme Addons for WPBakery and Elementor modeltheme-addons-for-wpbakery allows Object Injection.This issue affects ModelTheme Addons for WPBakery and Elementor: from n/a through < 1.5.6.
8.8
CVE-2025-68526 - WordPress Modal Popup Box plugin <= 1.6.1 - PHP Object Injection vulnerability
Deserialization of Untrusted Data vulnerability in A WP Life Modal Popup Box modal-popup-box allows Object Injection.This issue affects Modal Popup Box: from n/a through <= 1.6.1.
6.5
CVE-2025-68514 - WordPress Paid Member Subscriptions plugin <= 2.16.8 - Insecure Direct Object References (IDOR) vulβ¦
Authorization Bypass Through User-Controlled Key vulnerability in Cozmoslabs Paid Member Subscriptions paid-member-subscriptions allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Paid Member Subscriptions: from n/a through <= 2.16.8.
7.1
CVE-2025-68501 - WordPress Mollie Payments for WooCommerce plugin <= 8.1.1 - Reflected Cross Site Scripting (XSS) vuβ¦
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Mollie Mollie Payments for WooCommerce mollie-payments-for-woocommerce allows Reflected XSS.This issue affects Mollie Payments for WooCommerce: from n/a through <= 8.1.1.
7.1
CVE-2025-68495 - WordPress JetEngine plugin <= 3.8.0 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Crocoblock JetEngine jet-engine allows Reflected XSS.This issue affects JetEngine: from n/a through <= 3.8.0.
7.1
CVE-2025-68069 - WordPress Directorist plugin <= 8.6.6 - Broken Access Control vulnerability
Missing Authorization vulnerability in wpWax Directorist directorist allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Directorist: from n/a through <= 8.6.6.