9.3
CVE-2025-68865 - WordPress Infility Global plugin <= 2.14.48 - SQL Injection vulnerability
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Infility Infility Global allows SQL Injection.This issue affects Infility Global: from n/a through 2.14.48.
7.5
CVE-2025-68850 - WordPress Sell Downloads plugin <= 1.1.12 - Broken Access Control vulnerability
Missing Authorization vulnerability in Codepeople Sell Downloads allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Sell Downloads: from n/a through 1.1.12.
7.5
CVE-2025-68547 - WordPress Follow My Blog Post plugin <= 2.4.0 - Arbitrary Content Deletion vulnerability
Missing Authorization vulnerability in WPweb Follow My Blog Post allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Follow My Blog Post: from n/a through 2.4.0.
8.6
CVE-2025-68044 - WordPress Five Star Restaurant Reservations plugin <= 2.7.8 - Insecure Direct Object References (IDβ¦
Authorization Bypass Through User-Controlled Key vulnerability in Rustaurius Five Star Restaurant Reservations allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Five Star Restaurant Reservations: from n/a through 2.7.8.
7.5
CVE-2025-68033 - WordPress Custom Related Posts plugin <= 1.8.0 - Sensitive Data Exposure vulnerability
Insertion of Sensitive Information Into Sent Data vulnerability in Brecht Custom Related Posts allows Retrieve Embedded Sensitive Data.This issue affects Custom Related Posts: from n/a through 1.8.0.
6.3
CVE-2025-68029 - WordPress Wallet System for WooCommerce plugin <= 2.7.2 - Sensitive Data Exposure vulnerability
Insertion of Sensitive Information Into Sent Data vulnerability in WP Swings Wallet System for WooCommerce allows Retrieve Embedded Sensitive Data.This issue affects Wallet System for WooCommerce: from n/a through 2.7.2.
6.5
CVE-2025-68014 - WordPress AweBooking plugin <= 3.2.26 - Sensitive Data Exposure vulnerability
Insertion of Sensitive Information Into Sent Data vulnerability in Awethemes AweBooking allows Retrieve Embedded Sensitive Data.This issue affects AweBooking: from n/a through 3.2.26.
5.3
CVE-2026-0586 - code-projects Online Product Reservation System prod.php cross site scripting
A vulnerability was detected in code-projects Online Product Reservation System 1.0. The affected element is an unknown function of the file handgunner-administrator/prod.php. Performing a manipulation of the argument cat results in cross site scripting. The attack is possible to be carried out remβ¦
9.9
CVE-2025-31048 - WordPress Shopo <= 1.1.4 - Arbitrary File Upload Vulnerability
Unrestricted Upload of File with Dangerous Type vulnerability in Themify Shopo allows Upload a Web Shell to a Web Server.This issue affects Shopo: from n/a through 1.1.4.
8.8
CVE-2025-31047 - WordPress Themify Edmin theme <= 2.0.0 - PHP Object Injection Vulnerability
Deserialization of Untrusted Data vulnerability in Themify Themify Edmin allows Object Injection.This issue affects Themify Edmin: from n/a through 2.0.0.