5.3
CVE-2025-62079 - WordPress WP Export Categories & Taxonomies plugin <= 1.0.3 - Broken Access Control vulnerability
Missing Authorization vulnerability in Damian WP Export Categories & Taxonomies wp-export-categories-taxonomies allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Export Categories & Taxonomies: from n/a through <= 1.0.3.
5.3
CVE-2025-62126 - WordPress Varnish/Nginx Proxy Caching plugin <= 1.8.3 - Sensitive Data Exposure vulnerability
Insertion of Sensitive Information Into Sent Data vulnerability in Razvan Stanga Varnish/Nginx Proxy Caching vcaching allows Retrieve Embedded Sensitive Data.This issue affects Varnish/Nginx Proxy Caching: from n/a through <= 1.8.3.
5.3
CVE-2025-49338 - WordPress Flowbox plugin <= 1.1.6 - Broken Access Control vulnerability
Missing Authorization vulnerability in Flowbox Flowbox flowbox allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Flowbox: from n/a through <= 1.1.6.
5.3
CVE-2025-62747 - WordPress Featured Image Generator plugin <= 1.3.4 - Broken Access Control vulnerability
Missing Authorization vulnerability in Aum Watcharapon Featured Image Generator featured-image-generator allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Featured Image Generator: from n/a through <= 1.3.4.
5.3
CVE-2025-15390 - PHPGurukul Small CRM edit-user.php authorization
A security flaw has been discovered in PHPGurukul Small CRM 4.0. This impacts an unknown function of the file /admin/edit-user.php. The manipulation results in missing authorization. It is possible to launch the attack remotely. The exploit has been released to the public and may be used for attackβ¦
5.3
CVE-2025-49334 - WordPress MyD Delivery plugin <= 1.7.1 - Insecure Direct Object References (IDOR) vulnerability
Authorization Bypass Through User-Controlled Key vulnerability in Eduardo VillΓ£o MyD Delivery myd-delivery allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects MyD Delivery: from n/a through <= 1.7.1.
5.3
CVE-2025-59136 - WordPress Gerencianet Oficial plugin <= 3.1.3 - Sensitive Data Exposure vulnerability
Insertion of Sensitive Information Into Sent Data vulnerability in EfΓ Bank Gerencianet Oficial woo-gerencianet-official allows Retrieve Embedded Sensitive Data.This issue affects Gerencianet Oficial: from n/a through <= 3.1.3.
5.3
CVE-2025-62129 - WordPress RestroPress plugin <= 3.2.7 - Broken Access Control vulnerability
Missing Authorization vulnerability in Magnigenie RestroPress restropress allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects RestroPress: from n/a through <= 3.2.7.
5.3
CVE-2025-62092 - WordPress Wiremo plugin <= 1.4.99 - Broken Access Control vulnerability
Missing Authorization vulnerability in Wiremo Wiremo woo-reviews-by-wiremo allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Wiremo: from n/a through <= 1.4.99.
5.3
CVE-2025-62755 - WordPress GS Portfolio for Envato plugin <= 1.4.2 - Broken Access Control vulnerability
Missing Authorization vulnerability in GS Plugins GS Portfolio for Envato gs-envato-portfolio allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects GS Portfolio for Envato: from n/a through <= 1.4.2.