5.4
CVE-2025-68598 - WordPress Page Builder: Live Composer plugin <= 2.1.11 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in LiveComposer Page Builder: Live Composer live-composer-page-builder allows Stored XSS.This issue affects Page Builder: Live Composer: from n/a through <= 2.1.11.
5.4
CVE-2025-68597 - WordPress Jobs for WordPress plugin <= 2.8.1 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in BlueGlass Interactive AG Jobs for WordPress job-postings allows Stored XSS.This issue affects Jobs for WordPress: from n/a through <= 2.8.1.
8.8
CVE-2025-68596 - WordPress Bit Assist plugin <= 1.5.11 - Broken Access Control vulnerability
Missing Authorization vulnerability in Bit Apps Bit Assist bit-assist allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Bit Assist: from n/a through <= 1.5.11.
8.8
CVE-2025-68595 - WordPress Widgets for Social Photo Feed plugin <= 1.8 - Broken Access Control vulnerability
Missing Authorization vulnerability in Trustindex Widgets for Social Photo Feed social-photo-feed-widget allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Widgets for Social Photo Feed: from n/a through <= 1.8.
8.1
CVE-2025-68594 - WordPress Poll, Survey & Quiz Maker Plugin by Opinion Stage plugin <= 19.12.0 - Broken Access Contrβ¦
Missing Authorization vulnerability in Opinion Stage Poll, Survey & Quiz Maker Plugin by Opinion Stage social-polls-by-opinionstage allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Poll, Survey & Quiz Maker Plugin by Opinion Stage: from n/a through <= 19.12β¦
8.8
CVE-2025-68593 - WordPress WP Adminify plugin <= 4.0.6.1 - Broken Access Control vulnerability
Missing Authorization vulnerability in Liton Arefin WP Adminify adminify allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Adminify: from n/a through <= 4.0.6.1.
8.8
CVE-2025-68592 - WordPress WP Adminify plugin <= 4.0.6.1 - Broken Access Control vulnerability
Missing Authorization vulnerability in Liton Arefin WP Adminify adminify allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Adminify: from n/a through <= 4.0.6.1.
8.1
CVE-2025-68591 - WordPress Simple File List plugin <= 6.1.18 - Broken Access Control vulnerability
Missing Authorization vulnerability in Mitchell Bennis Simple File List simple-file-list allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Simple File List: from n/a through <= 6.1.18.
9.8
CVE-2025-68590 - WordPress Integration for Contact Form 7 HubSpot plugin <= 1.4.2 - SQL Injection vulnerability
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in CRM Perks Integration for Contact Form 7 HubSpot cf7-hubspot allows Blind SQL Injection.This issue affects Integration for Contact Form 7 HubSpot: from n/a through <= 1.4.2.
8.1
CVE-2025-68589 - WordPress WP Telegram Widget and Join Link plugin <= 2.2.12 - Broken Access Control vulnerability
Missing Authorization vulnerability in WP Socio WP Telegram Widget and Join Link wptelegram-widget allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Telegram Widget and Join Link: from n/a through <= 2.2.12.