0.0
CVE-2025-11127 - Mstoreapp Mobile (App <= 2.08, Multivendor <= 9.0.1) - Unauthenticated Privilege Escalation
The Mstoreapp Mobile App WordPress plugin through 2.08 and Mstoreapp Mobile Multivendor through 9.0.1 do not properly verify users' identity when using an AJAX action, allowing unauthenticated users to retrieve a valid session for arbitrary users by knowing their email address.
0.0
CVE-2025-66115 - WordPress Easy Invoice plugin <= 2.1.4 - Local File Inclusion vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in MatrixAddons Easy Invoice easy-invoice allows PHP Local File Inclusion. This issue affects Easy Invoice: from n/a through <= 2.1.4.
0.0
CVE-2025-66114 - WordPress Show Variations as Single Products Woocommerce plugin <= 2.0 - Broken Access Control vuln…
Missing Authorization vulnerability in theme funda Show Variations as Single Products Woocommerce woo-show-single-variations-shop-category allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Show Variations as Single Products Woocommerce: from n/a through <= 2…
0.0
CVE-2025-66113 - WordPress Better Chat Support for Messenger plugin <= 1.2.18 - Broken Access Control vulnerability
Missing Authorization vulnerability in ThemeAtelier Better Chat Support for Messenger better-chat-support allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Better Chat Support for Messenger: from n/a through <= 1.2.18.
4.3
CVE-2025-66112 - WordPress Accessibility Toolkit by WebYes plugin <= 2.0.4 - Broken Access Control vulnerability
Missing Authorization vulnerability in WebToffee Accessibility Toolkit by WebYes accessibility-plus allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Accessibility Toolkit by WebYes: from n/a through <= 2.0.4.
0.0
CVE-2025-66111 - WordPress Nelio Popups plugin <= 1.3.0 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Nelio Software Nelio Popups nelio-popups allows Stored XSS. This issue affects Nelio Popups: from n/a through <= 1.3.0.
0.0
CVE-2025-66110 - WordPress Tiktok Feed plugin <= 1.0.22 - Broken Access Control vulnerability
Missing Authorization vulnerability in bPlugins Tiktok Feed b-tiktok-feed allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Tiktok Feed: from n/a through <= 1.0.22.
0.0
CVE-2025-66109 - WordPress Cart Weight for WooCommerce plugin <= 1.9.11 - Broken Access Control vulnerability
Missing Authorization vulnerability in octolize Cart Weight for WooCommerce woo-cart-weight allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Cart Weight for WooCommerce: from n/a through <= 1.9.11.
0.0
CVE-2025-66108 - WordPress TNC Toolbox: Web Performance plugin <= 2.0.4 - Broken Access Control vulnerability
Missing Authorization vulnerability in Merlot Digital (by TNC) TNC Toolbox: Web Performance tnc-toolbox allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects TNC Toolbox: Web Performance: from n/a through <= 2.0.4.
0.0
CVE-2025-66107 - WordPress Subscriptions & Memberships for PayPal plugin <= 1.1.7 - Broken Access Control vulnerabil…
Missing Authorization vulnerability in Scott Paterson Subscriptions & Memberships for PayPal subscriptions-memberships-for-paypal allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Subscriptions & Memberships for PayPal: from n/a through <= 1.1.7.