9.3
CVE-2025-49055 - WordPress WP Lead Capturing Pages plugin <= 2.5 - SQL Injection vulnerability
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in kamleshyadav WP Lead Capturing Pages wp-lead-capture allows Blind SQL Injection. This issue affects WP Lead Capturing Pages: from n/a through <= 2.5.
8.5
CVE-2025-49050 - WordPress WP Lead Capturing Pages plugin <= 2.5 - SQL Injection vulnerability
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in kamleshyadav WP Lead Capturing Pages wp-lead-capture allows Blind SQL Injection. This issue affects WP Lead Capturing Pages: from n/a through <= 2.5.
8.5
CVE-2025-49049 - WordPress DZS Video Gallery plugin <= 12.39 - SQL Injection vulnerability
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in ZoomIt DZS Video Gallery dzs-videogallery allows SQL Injection. This issue affects DZS Video Gallery: from n/a through <= 12.39.
7.1
CVE-2025-49046 - WordPress xPromoter plugin <= 1.3.4 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in LambertGroup xPromoter top_bar_promoter allows Reflected XSS. This issue affects xPromoter: from n/a through <= 1.3.4.
7.1
CVE-2025-49045 - WordPress Super Interactive Maps plugin <= 2.3 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in highwarden Super Interactive Maps super-interactive-maps allows Reflected XSS. This issue affects Super Interactive Maps: from n/a through <= 2.3.
7.1
CVE-2025-49043 - WordPress Magic Responsive Slider and Carousel WordPress plugin <= 1.6 - Reflected Cross Site Scrip…
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in LambertGroup Magic Responsive Slider and Carousel WordPress magic_carousel allows Reflected XSS. This issue affects Magic Responsive Slider and Carousel WordPress: from n/a through <= 1.6.
7.1
CVE-2025-48094 - WordPress Magic Slider plugin <= 2.2 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in LambertGroup Magic Slider magic_slider allows Reflected XSS. This issue affects Magic Slider: from n/a through <= 2.2.
7.1
CVE-2025-47666 - WordPress Image&Video FullScreen Background plugin <= 1.6.7 - Reflected Cross Site Scripting (XSS) …
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in LambertGroup Image&Video FullScreen Background lbg_fullscreen_fullwidth_slider allows Reflected XSS. This issue affects Image&Video FullScreen Background: from n/a through <= 1.6.7.
5.3
CVE-2025-47600 - WordPress WoodMart theme <= 8.3.7 - Arbitrary Shortcode Execution vulnerability
Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in xtemos WoodMart woodmart allows Code Injection. This issue affects WoodMart: from n/a through <= 8.3.7.
3.8
CVE-2025-47555 - WordPress Tutor LMS plugin <= 3.9.4 - Insecure Direct Object References (IDOR) vulnerability
Authorization Bypass Through User-Controlled Key vulnerability in Themeum Tutor LMS tutor allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Tutor LMS: from n/a through <= 3.9.4.