5.4
CVE-2025-57886 - WordPress Accessibility Checker by Equalize Digital Plugin <= 1.30.0 - Insecure Direct Object Refer…
Authorization Bypass Through User-Controlled Key vulnerability in Equalize Digital Accessibility Checker by Equalize Digital allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Accessibility Checker by Equalize Digital: from n/a through 1.30.0.
4.3
CVE-2025-57885 - WordPress Fluent Support Plugin <= 1.9.1 - Cross Site Request Forgery (CSRF) Vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in Shahjahan Jewel Fluent Support allows Cross Site Request Forgery. This issue affects Fluent Support: from n/a through 1.9.1.
4.3
CVE-2025-57884 - WordPress Greenshift Plugin <= 12.1.1 - Broken Access Control Vulnerability
Missing Authorization vulnerability in wpsoul Greenshift allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Greenshift: from n/a through 12.1.1.
7.1
CVE-2025-9259 - Uniong|WebITR - Arbitrary File Reading through Path Traversal
WebITR developed by Uniong has an Arbitrary File Reading vulnerability, allowing remote attackers with regular privileges to exploit Absolute Path Traversal to download arbitrary system files.
7.1
CVE-2025-9258 - Uniong|WebITR - Arbitrary File Reading through Path Traversal
WebITR developed by Uniong has an Arbitrary File Reading vulnerability, allowing remote attackers with regular privileges to exploit Absolute Path Traversal to download arbitrary system files.
7.1
CVE-2025-9257 - Uniong|WebITR - Arbitrary File Reading through Path Traversal
WebITR developed by Uniong has an Arbitrary File Reading vulnerability, allowing remote attackers with regular privileges to exploit Absolute Path Traversal to download arbitrary system files.
7.1
CVE-2025-9256 - Uniong|WebITR - Arbitrary File Reading through Path Traversal
WebITR developed by Uniong has an Arbitrary File Reading vulnerability, allowing remote attackers with regular privileges to exploit Absolute Path Traversal to download arbitrary system files.
8.7
CVE-2025-9255 - Uniong|WebITR - SQL Injection
WebITR developed by Uniong has a SQL Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary SQL commands to read database contents.
9.3
CVE-2025-9254 - Uniong|WebITR - Missing Authentication
WebITR developed by Uniong has a Missing Authentication vulnerability, allowing unauthenticated remote attackers to log into the system as arbitrary users by exploiting a specific functionality.
4.3
CVE-2025-9331 - Spacious <= 1.9.11 - Missing Authorization to Authenticated (Subscriber+) Demo Data Import
The Spacious theme for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'welcome_notice_import_handler' function in all versions up to, and including, 1.9.11. This makes it possible for authenticated attackers, with Subscriber-level access and ab…