7.5
CVE-2025-68902 - WordPress Anona theme <= 8.0 - Arbitrary File Download vulnerability
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in AivahThemes Anona anona allows Path Traversal.This issue affects Anona: from n/a through <= 8.0.
8.6
CVE-2025-68901 - WordPress Anona theme <= 8.0 - Arbitrary File Deletion vulnerability
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in AivahThemes Anona anona allows Path Traversal.This issue affects Anona: from n/a through <= 8.0.
6.5
CVE-2025-68900 - WordPress Enfold theme <= 7.1.3 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Kriesi Enfold allows DOM-Based XSS. This issue affects Enfold: from n/a through 7.1.3.
8.8
CVE-2025-68899 - WordPress Vivagh theme <= 2.4 - PHP Object Injection vulnerability
Deserialization of Untrusted Data vulnerability in designthemes Vivagh vivagh allows Object Injection.This issue affects Vivagh: from n/a through <= 2.4.
5.8
CVE-2025-68898 - WordPress Synergy Project Manager plugin <= 1.5 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in cjjparadoxmax Synergy Project Manager synergy-project-manager allows Stored XSS.This issue affects Synergy Project Manager: from n/a through <= 1.5.
6.5
CVE-2025-68896 - WordPress WDV One Page Docs plugin <= 1.2.4 - Broken Access Control vulnerability
Missing Authorization vulnerability in vrpr WDV One Page Docs wdv-one-page-docs allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WDV One Page Docs: from n/a through <= 1.2.4.
7.1
CVE-2025-68894 - WordPress ShoutOut plugin <= 4.0.2 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in shoutoutglobal ShoutOut shoutout allows Reflected XSS.This issue affects ShoutOut: from n/a through <= 4.0.2.
7.1
CVE-2025-68884 - WordPress WP Simple Redirect plugin <= 1.1 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Arevico WP Simple Redirect wp-simple-redirect allows Reflected XSS.This issue affects WP Simple Redirect: from n/a through <= 1.1.
7.1
CVE-2025-68883 - WordPress bidorbuy Store Integrator plugin <= 2.12.0 - Reflected Cross Site Scripting (XSS) vulneraβ¦
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in extremeidea bidorbuy Store Integrator bidorbuystoreintegrator allows Reflected XSS.This issue affects bidorbuy Store Integrator: from n/a through <= 2.12.0.
7.5
CVE-2025-68882 - WordPress Scalenut plugin <= 1.1.5 - Broken Access Control vulnerability
Missing Authorization vulnerability in Scalenut Scalenut scalenut allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Scalenut: from n/a through <= 1.1.5.