4.3
CVE-2025-59001 - WordPress Salient Core plugin <= 3.0.8 - Broken Access Control vulnerability
Missing Authorization vulnerability in ThemeNectar Salient Core salient-core allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Salient Core: from n/a through <= 3.0.8.
4.3
CVE-2025-58999 - WordPress WP Attractive Donations System - Easy Stripe & Paypal donations plugin <= 1.25 - Cross Si…
Cross-Site Request Forgery (CSRF) vulnerability in loopus WP Attractive Donations System - Easy Stripe & Paypal donations WP_AttractiveDonationsSystem allows Cross Site Request Forgery. This issue affects WP Attractive Donations System - Easy Stripe & Paypal donations: from n/a through <= 1.25.
4.3
CVE-2025-54045 - WordPress CM On Demand Search And Replace plugin <= 1.5.5 - Broken Access Control vulnerability
Missing Authorization vulnerability in CreativeMindsSolutions CM On Demand Search And Replace cm-on-demand-search-and-replace allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects CM On Demand Search And Replace: from n/a through <= 1.5.5.
4.3
CVE-2025-54005 - WordPress SKT Page Builder plugin <= 4.9 - Broken Access Control vulnerability
Missing Authorization vulnerability in sonalsinha21 SKT Page Builder skt-builder allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects SKT Page Builder: from n/a through <= 4.9.
2.7
CVE-2025-54004 - WordPress WCFM – Frontend Manager for WooCommerce plugin <= 6.7.24 - Broken Access Control vulnerab…
Missing Authorization vulnerability in WC Lovers WCFM – Frontend Manager for WooCommerce wc-frontend-manager allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WCFM – Frontend Manager for WooCommerce: from n/a through <= 6.7.24.
2.7
CVE-2025-49300 - WordPress Traveler Option Tree plugin <= 2.8 - Sensitive Data Exposure vulnerability
Insertion of Sensitive Information Into Sent Data vulnerability in shinetheme Traveler Option Tree custom-option-tree allows Retrieve Embedded Sensitive Data. This issue affects Traveler Option Tree: from n/a through <= 2.8.
5.3
CVE-2025-11991 - JetFormBuilder <= 3.5.3 - Missing Authorization to Unauthenticated Form Generation
The JetFormBuilder – Dynamic Blocks Form Builder plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the run_callback function in all versions up to, and including, 3.5.3. This makes it possible for unauthenticated attackers to generate forms…
5.9
CVE-2025-13439 - Fancy Product Designer | WooCommerce WordPress <= 6.4.8 - Unauthenticated Information Disclosure an…
The Fancy Product Designer plugin for WordPress is vulnerable to Information Disclosure and PHAR Deserialization in all versions up to, and including, 6.4.8. This is due to insufficient validation of user-supplied input in the 'url' parameter of the 'fpd_custom_uplod_file' AJAX action, which flows …
8.6
CVE-2025-66635 -
Stack-based buffer overflow vulnerability exists in SEIKO EPSON Web Config. Specially crafted data input by a logged-in user may execute arbitrary code. As for the details of the affected products and versions, see the information provided by the vendor under [References].
5.9
CVE-2025-62330 - HCL DevOps Deploy is susceptible to a cleartext transmission of sensitive information
HCL DevOps Deploy is susceptible to a cleartext transmission of sensitive information because the HTTP port remains accessible and does not redirect to HTTPS as intended. As a result, an attacker with network access could intercept or modify user credentials and session-related data via passive mo…