8.5
CVE-2025-67950 - WordPress All In One SEO Pack plugin <= 4.9.1 - SQL Injection vulnerability
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Syed Balkhi All In One SEO Pack all-in-one-seo-pack allows Blind SQL Injection.This issue affects All In One SEO Pack: from n/a through <= 4.9.1.
4.3
CVE-2025-67948 - WordPress SendPulse Email Marketing Newsletter plugin <= 2.2.1 - Sensitive Data Exposure vulnerabilβ¦
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in SendPulse SendPulse Email Marketing Newsletter sendpulse-email-marketing-newsletter allows Retrieve Embedded Sensitive Data.This issue affects SendPulse Email Marketing Newsletter: from n/a through <= 2.2.1.
5.3
CVE-2025-67929 - WordPress TI WooCommerce Wishlist plugin <= 2.10.0 - Broken Access Control vulnerability
Missing Authorization vulnerability in templateinvaders TI WooCommerce Wishlist ti-woocommerce-wishlist allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects TI WooCommerce Wishlist: from n/a through <= 2.10.0.
6.5
CVE-2025-67912 - WordPress Stars Testimonials plugin <= 3.3.4 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Premio Stars Testimonials stars-testimonials-with-slider-and-masonry-grid allows Stored XSS.This issue affects Stars Testimonials: from n/a through <= 3.3.4.
5.4
CVE-2025-66167 - WordPress Lottier plugin <= 1.1.1 - Broken Access Control vulnerability
Missing Authorization vulnerability in merkulove Lottier lottier-gutenberg allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Lottier: from n/a through <= 1.1.1.
5.4
CVE-2025-66166 - WordPress Lottier for Elementor plugin <= 1.0.9 - Broken Access Control vulnerability
Missing Authorization vulnerability in merkulove Lottier for Elementor lottier-elementor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Lottier for Elementor: from n/a through <= 1.0.9.
5.4
CVE-2025-66165 - WordPress Lottier for WPBakery plugin <= 1.1.7 - Broken Access Control vulnerability
Missing Authorization vulnerability in merkulove Lottier for WPBakery lottier-wpbakery allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Lottier for WPBakery: from n/a through <= 1.1.7.
5.4
CVE-2025-66164 - WordPress Laser plugin <= 1.1.1 - Broken Access Control vulnerability
Missing Authorization vulnerability in merkulove Laser laser allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Laser: from n/a through <= 1.1.1.
5.4
CVE-2025-66163 - WordPress Masker for Elementor plugin <= 1.1.4 - Broken Access Control vulnerability
Missing Authorization vulnerability in merkulove Masker for Elementor masker-elementor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Masker for Elementor: from n/a through <= 1.1.4.
5.4
CVE-2025-66162 - WordPress Spoter for Elementor plugin <= 1.04 - Broken Access Control vulnerability
Missing Authorization vulnerability in merkulove Spoter for Elementor spoter-elementor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Spoter for Elementor: from n/a through <= 1.04.