7.1
CVE-2025-67971 - WordPress FluentCart plugin < 1.3.0 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPManageNinja FluentCart fluent-cart allows Reflected XSS.This issue affects FluentCart: from n/a through < 1.3.0.
5.9
CVE-2025-67970 - WordPress Schedula plugin <= 1.0 - Broken Access Control vulnerability
Missing Authorization vulnerability in vertim Schedula schedula-smart-appointment-booking allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Schedula: from n/a through <= 1.0.
6.5
CVE-2025-67969 - WordPress UPI QR Code Payment Gateway for WooCommerce plugin <= 1.5.1 - Broken Access Control vulneβ¦
Missing Authorization vulnerability in knitpay UPI QR Code Payment Gateway for WooCommerce upi-qr-code-payment-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects UPI QR Code Payment Gateway for WooCommerce: from n/a through <= 1.5.1.
6.5
CVE-2025-67624 - WordPress Optimize More! β Images plugin <= 1.1.3 - Broken Access Control vulnerability
Missing Authorization vulnerability in Arya Dhiratara Optimize More! – Images optimize-more-images allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Optimize More! – Images: from n/a through <= 1.1.3.
6.5
CVE-2025-67547 - WordPress Konte theme <= 2.4.6 - Broken Access Control vulnerability
Missing Authorization vulnerability in uixthemes Konte konte allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Konte: from n/a through <= 2.4.6.
5.9
CVE-2025-60183 - WordPress Silencesoft RSS Reader Plugin <= 0.6 - Cross Site Scripting (XSS) Vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in silence Silencesoft RSS Reader external-rss-reader allows Stored XSS.This issue affects Silencesoft RSS Reader: from n/a through <= 0.6.
8.1
CVE-2025-60087 - WordPress Extensive VC Addons for WPBakery page builder plugin <= 1.9.1 - Local File Inclusion vulnβ¦
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Nenad Obradovic Extensive VC Addons for WPBakery page builder extensive-vc-addon allows PHP Local File Inclusion.This issue affects Extensive VC Addons for WPBakery page builder:β¦
7.1
CVE-2025-53237 - WordPress WP Wizard Cloak Plugin <= 1.0.1 - Cross Site Scripting (XSS) Vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Soflyy WP Wizard Cloak wp-wizard-cloak allows Reflected XSS.This issue affects WP Wizard Cloak: from n/a through <= 1.0.1.
7.1
CVE-2025-53233 - WordPress Storyform plugin <= 0.6.14 - Cross Site Scripting (XSS) Vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in RylanH Storyform storyform allows Reflected XSS.This issue affects Storyform: from n/a through <= 0.6.14.
7.1
CVE-2025-53231 - WordPress Easy Taxonomy Images plugin <= 1.0.1 - Cross Site Scripting (XSS) Vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wpdevstudio Easy Taxonomy Images easy-taxonomy-images allows Stored XSS.This issue affects Easy Taxonomy Images: from n/a through <= 1.0.1.