5.3
CVE-2025-68571 - WordPress SALESmanago plugin <= 3.9.0 - Broken Access Control vulnerability
Missing Authorization vulnerability in SALESmanago SALESmanago & Leadoo salesmanago allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects SALESmanago & Leadoo: from n/a through <= 3.9.0.
7.6
CVE-2025-68570 - WordPress Captivate Sync plugin <= 3.2.2 - SQL Injection vulnerability
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in captivateaudio Captivate Sync captivatesync-trade allows Blind SQL Injection.This issue affects Captivate Sync: from n/a through <= 3.2.2.
6.5
CVE-2025-68569 - WordPress WP Time Slots Booking Form plugin <= 1.2.39 - Broken Access Control vulnerability
Missing Authorization vulnerability in codepeople WP Time Slots Booking Form wp-time-slots-booking-form allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Time Slots Booking Form: from n/a through <= 1.2.39.
5.3
CVE-2025-68568 - WordPress Claspo โ Popups, Spin the Wheel & Email Capture plugin <= 1.0.7 - Broken Access Control vโฆ
Missing Authorization vulnerability in Claspo Popup Builders Claspo โ Popups, Spin the Wheel & Email Capture claspo allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Claspo โ Popups, Spin the Wheel & Email Capture: from n/a through <= 1.0.7.
5.4
CVE-2025-68567 - WordPress My auctions allegro plugin <= 3.6.33 - Cross Site Request Forgery (CSRF) vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in wphocus My auctions allegro my-auctions-allegro-free-edition allows Cross Site Request Forgery.This issue affects My auctions allegro: from n/a through <= 3.6.33.
5.9
CVE-2025-68566 - WordPress My auctions allegro plugin <= 3.6.35 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wphocus My auctions allegro my-auctions-allegro-free-edition allows Stored XSS.This issue affects My auctions allegro: from n/a through <= 3.6.35.
5.3
CVE-2025-68565 - WordPress Twitch Player plugin <= 2.1.3 - Broken Access Control vulnerability
Missing Authorization vulnerability in JayBee Twitch Player ttv-easy-embed-player allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Twitch Player: from n/a through <= 2.1.3.
8.1
CVE-2025-68506 - WordPress Docket Cache plugin <= 24.07.03 - Local File Inclusion vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Nawawi Jamili Docket Cache docket-cache allows PHP Local File Inclusion.This issue affects Docket Cache: from n/a through <= 24.07.03.
7.2
CVE-2025-68038 - WordPress Icegram Express Pro plugin < 5.9.14 - PHP Object Injection vulnerability
Deserialization of Untrusted Data vulnerability in Icegram Icegram Express Pro email-subscribers-premium allows Object Injection.This issue affects Icegram Express Pro: from n/a through < 5.9.14.
7.5
CVE-2025-67909 - WordPress Membership For WooCommerce plugin <= 3.0.3 - Insecure Direct Object References (IDOR) vulโฆ
Authorization Bypass Through User-Controlled Key vulnerability in WP Swings Membership For WooCommerce membership-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Membership For WooCommerce: from n/a through <= 3.0.3.