5.4
CVE-2025-66135 - WordPress Imager for Elementor plugin <= 2.0.4 - Broken Access Control vulnerability
Missing Authorization vulnerability in merkulove Imager for Elementor imager-elementor allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Imager for Elementor: from n/a through <= 2.0.4.
4.9
CVE-2025-64252 - WordPress ANAC XML Viewer plugin <= 1.8.2 - Server Side Request Forgery (SSRF) vulnerability
Server-Side Request Forgery (SSRF) vulnerability in Marco Milesi ANAC XML Viewer anac-xml-viewer allows Server Side Request Forgery. This issue affects ANAC XML Viewer: from n/a through <= 1.8.2.
4.3
CVE-2025-63051 - WordPress REHub Framework plugin < 19.9.9.4 - Sensitive Data Exposure vulnerability
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in sizam REHub Framework rehub-framework allows Retrieve Embedded Sensitive Data. This issue affects REHub Framework: from n/a through < 19.9.9.4.
6.5
CVE-2025-63026 - WordPress Grand Restaurant Theme Elements for Elementor plugin <= 2.1.1 - Cross Site Scripting (XSS…
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ThemeGoods Grand Restaurant Theme Elements for Elementor grandrestaurant-elementor allows Stored XSS. This issue affects Grand Restaurant Theme Elements for Elementor: from n/a through <= 2.1.1.
5.3
CVE-2025-63019 - WordPress Cookies and Content Security Policy plugin <= 2.34 - Sensitive Data Exposure vulnerability
Insertion of Sensitive Information Into Sent Data vulnerability in Johan Jonk Stenström Cookies and Content Security Policy cookies-and-content-security-policy allows Retrieve Embedded Sensitive Data. This issue affects Cookies and Content Security Policy: from n/a through <= 2.34.
4.3
CVE-2025-63018 - WordPress Bard theme <= 2.229 - Broken Access Control vulnerability
Missing Authorization vulnerability in wproyal Bard bard allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Bard: from n/a through <= 2.229.
7.5
CVE-2025-63017 - WordPress WerkStatt plugin plugin <= 1.6.6 - Local File Inclusion vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in fuelthemes WerkStatt Plugin werkstatt-plugin allows PHP Local File Inclusion. This issue affects WerkStatt Plugin: from n/a through <= 1.6.6.
5.3
CVE-2025-62754 - WordPress Payment Gateway bKash for WC plugin <= 3.1.0 - Broken Access Control vulnerability
Missing Authorization vulnerability in Kapil Paul Payment Gateway bKash for WC woo-payment-bkash allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Payment Gateway bKash for WC: from n/a through <= 3.1.0.
5.4
CVE-2025-62741 - WordPress Pool Services theme <= 3.3 - Server Side Request Forgery (SSRF) vulnerability
Server-Side Request Forgery (SSRF) vulnerability in SmartDataSoft Pool Services pool-services allows Server Side Request Forgery. This issue affects Pool Services: from n/a through <= 3.3.
5.4
CVE-2025-62106 - WordPress WP-CRM System plugin <= 3.4.5 - Broken Access Control vulnerability
Missing Authorization vulnerability in Mario Peshev WP-CRM System wp-crm-system allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP-CRM System: from n/a through <= 3.4.5.