4.3
CVE-2025-69091 - WordPress Demo Importer Plus plugin <= 2.0.8 - Broken Access Control vulnerability
Missing Authorization vulnerability in Kraft Plugins Demo Importer Plus demo-importer-plus allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Demo Importer Plus: from n/a through <= 2.0.8.
6.5
CVE-2025-69089 - WordPress Auto Listings plugin <= 2.7.1 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in autolistings Auto Listings auto-listings allows Stored XSS.This issue affects Auto Listings: from n/a through <= 2.7.1.
6.5
CVE-2025-69088 - WordPress Combo Offers WooCommerce plugin <= 4.2 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Vidish Combo Offers WooCommerce woo-combo-offers allows DOM-Based XSS.This issue affects Combo Offers WooCommerce: from n/a through <= 4.2.
8.1
CVE-2025-69034 - WordPress Lekker theme <= 1.8 - Local File Inclusion vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Mikado-Themes Lekker lekker allows PHP Local File Inclusion.This issue affects Lekker: from n/a through <= 1.8.
6.5
CVE-2025-69033 - WordPress Blog Filter plugin <= 1.7.3 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in A WP Life Blog Filter blog-filter allows DOM-Based XSS.This issue affects Blog Filter: from n/a through <= 1.7.3.
5.4
CVE-2025-69032 - WordPress FiveStar theme <= 1.7 - Insecure Direct Object References (IDOR) vulnerability
Authorization Bypass Through User-Controlled Key vulnerability in Mikado-Themes FiveStar fivestar allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects FiveStar: from n/a through <= 1.7.
5.3
CVE-2025-69031 - WordPress Arcane theme <= 3.6.6 - Broken Access Control vulnerability
Missing Authorization vulnerability in Skywarrior Arcane arcane allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Arcane: from n/a through <= 3.6.6.
5.4
CVE-2025-69030 - WordPress Backpack Traveler theme <= 2.10.3 - Insecure Direct Object References (IDOR) vulnerability
Authorization Bypass Through User-Controlled Key vulnerability in Mikado-Themes Backpack Traveler backpacktraveler allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Backpack Traveler: from n/a through <= 2.10.3.
5.4
CVE-2025-69029 - WordPress Struktur theme <= 2.5.1 - Insecure Direct Object References (IDOR) vulnerability
Authorization Bypass Through User-Controlled Key vulnerability in Select-Themes Struktur struktur allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Struktur: from n/a through <= 2.5.1.
5.3
CVE-2025-69028 - WordPress weForms plugin <= 1.6.25 - Broken Access Control vulnerability
Missing Authorization vulnerability in BoldGrid weForms weforms allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects weForms: from n/a through <= 1.6.25.