0.0
CVE-2025-63021 - WordPress Valenti Engine plugin <= 1.0.3 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in codetipi Valenti Engine valenti-engine allows DOM-Based XSS.This issue affects Valenti Engine: from n/a through <= 1.0.3.
0.0
CVE-2025-62874 - WordPress AnyComment plugin <= 0.3.6 - Broken Access Control vulnerability
Missing Authorization vulnerability in Alexander AnyComment anycomment allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects AnyComment: from n/a through <= 0.3.6.
0.0
CVE-2025-69290 -
DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2025. Notes: none
0.0
CVE-2025-62099 - WordPress Signature Add-On for Gravity Forms plugin <= 1.8.6 - Broken Access Control vulnerability
Missing Authorization vulnerability in approveme Signature Add-On for Gravity Forms gravity-signature-forms-add-on allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Signature Add-On for Gravity Forms: from n/a through <= 1.8.6.
0.0
CVE-2025-62101 - WordPress Pardakht Delkhah plugin <= 3.0.0 - Cross Site Request Forgery (CSRF) vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in Omid Shamloo Pardakht Delkhah pardakht-delkhah allows Cross Site Request Forgery.This issue affects Pardakht Delkhah: from n/a through <= 3.0.0.
0.0
CVE-2025-63038 - WordPress WP Custom Admin Interface plugin <= 7.40 - Broken Access Control vulnerability
Missing Authorization vulnerability in Northern Beaches Websites WP Custom Admin Interface wp-custom-admin-interface allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Custom Admin Interface: from n/a through <= 7.40.
0.0
CVE-2025-62078 - WordPress Easy Upload Files During Checkout plugin <= 3.0.0 - Broken Access Control vulnerability
Missing Authorization vulnerability in Fahad Mahmood Easy Upload Files During Checkout easy-upload-files-during-checkout allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Easy Upload Files During Checkout: from n/a through <= 3.0.0.
0.0
CVE-2025-49339 - WordPress Direct Payments WP plugin <= 1.3.2 - Broken Access Control vulnerability
Missing Authorization vulnerability in Digages Direct Payments WP direct-payments-wp allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Direct Payments WP: from n/a through <= 1.3.2.
0.0
CVE-2025-49340 - WordPress Direct Payments WP plugin <= 1.3.2 - Sensitive Data Exposure vulnerability
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Digages Direct Payments WP direct-payments-wp allows Retrieve Embedded Sensitive Data.This issue affects Direct Payments WP: from n/a through <= 1.3.2.
0.0
CVE-2025-62083 - WordPress BoomDevs WordPress Coming Soon plugin plugin <= 1.0.4 - Sensitive Data Exposure vulnerabiβ¦
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in WP Messiah BoomDevs WordPress Coming Soon coming-soon-by-boomdevs allows Retrieve Embedded Sensitive Data.This issue affects BoomDevs WordPress Coming Soon: from n/a through <= 1.0.4.