5.3
CVE-2025-66133 - WordPress WP Cookie Notice for GDPR, CCPA & ePrivacy Consent plugin <= 4.0.7 - Broken Access Controβ¦
Missing Authorization vulnerability in WP Legal Pages WP Cookie Notice for GDPR, CCPA & ePrivacy Consent gdpr-cookie-consent allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Cookie Notice for GDPR, CCPA & ePrivacy Consent: from n/a through <= 4.0.7.
6.5
CVE-2025-66132 - WordPress FAPI Member plugin <= 2.2.29 - Insecure Direct Object References (IDOR) vulnerability
Authorization Bypass Through User-Controlled Key vulnerability in FAPI Business s.r.o. FAPI Member fapi-member allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects FAPI Member: from n/a through <= 2.2.29.
9.1
CVE-2025-66131 - WordPress Yaad Sarig Payment Gateway For WC plugin <= 2.2.11 - Broken Access Control vulnerability
Missing Authorization vulnerability in yaadsarig Yaad Sarig Payment Gateway For WC yaad-sarig-payment-gateway-for-wc allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Yaad Sarig Payment Gateway For WC: from n/a through <= 2.2.11.
5.3
CVE-2025-66130 - WordPress WP Views Counter plugin <= 2.1.2 - Broken Access Control vulnerability
Missing Authorization vulnerability in etruel WP Views Counter wpecounter allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Views Counter: from n/a through <= 2.1.2.
5.3
CVE-2025-66129 - WordPress Pochipp plugin <= 1.18.0 - Broken Access Control vulnerability
Missing Authorization vulnerability in wppochipp Pochipp pochipp allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Pochipp: from n/a through <= 1.18.0.
5.3
CVE-2025-66128 - WordPress Sendinblue for WooCommerce plugin <= 4.0.49 - Broken Access Control vulnerability
Missing Authorization vulnerability in Brevo Sendinblue for WooCommerce woocommerce-sendinblue-newsletter-subscription allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Sendinblue for WooCommerce: from n/a through <= 4.0.49.
5.4
CVE-2025-66127 - WordPress Essential Real Estate plugin <= 5.2.9 - Broken Access Control vulnerability
Missing Authorization vulnerability in g5theme Essential Real Estate essential-real-estate allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Essential Real Estate: from n/a through <= 5.2.9.
5.3
CVE-2025-66126 - WordPress Fix Media Library plugin <= 2.0 - Sensitive Data Exposure vulnerability
Insertion of Sensitive Information Into Sent Data vulnerability in wowpress.host Fix Media Library wow-media-library-fix allows Retrieve Embedded Sensitive Data.This issue affects Fix Media Library: from n/a through <= 2.0.
5.3
CVE-2025-66125 - WordPress Ultimate Auction plugin <= 4.3.2 - Sensitive Data Exposure vulnerability
Insertion of Sensitive Information Into Sent Data vulnerability in Nitesh Ultimate Auction ultimate-auction allows Retrieve Embedded Sensitive Data.This issue affects Ultimate Auction : from n/a through <= 4.3.2.
5.3
CVE-2025-66124 - WordPress Leaky Paywall plugin <= 4.22.6 - Broken Access Control vulnerability
Missing Authorization vulnerability in ZEEN101 Leaky Paywall leaky-paywall allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Leaky Paywall: from n/a through <= 4.22.6.