6.5
CVE-2025-67546 - WordPress WP ERP plugin <= 1.16.6 - Sensitive Data Exposure vulnerability
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in weDevs WP ERP erp allows Retrieve Embedded Sensitive Data.This issue affects WP ERP: from n/a through <= 1.16.6.
7.1
CVE-2025-66119 - WordPress Hostel plugin <= 1.1.5.9 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Bob Hostel hostel allows Reflected XSS.This issue affects Hostel: from n/a through <= 1.1.5.9.
7.1
CVE-2025-66118 - WordPress Sprout Clients plugin <= 3.2.1 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in BoldGrid Sprout Clients sprout-clients allows Reflected XSS.This issue affects Sprout Clients: from n/a through <= 3.2.1.
7.5
CVE-2025-66117 - WordPress Easy Form plugin <= 2.7.8 - Broken Access Control vulnerability
Missing Authorization vulnerability in Ays Pro Easy Form easy-form allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Easy Form: from n/a through <= 2.7.8.
7.5
CVE-2025-66116 - WordPress Ultimate Member Widgets for Elementor plugin <= 2.3 - Sensitive Data Exposure vulnerabiliβ¦
Insertion of Sensitive Information Into Sent Data vulnerability in UserElements Ultimate Member Widgets for Elementor ultimate-member-widgets-for-elementor allows Retrieve Embedded Sensitive Data.This issue affects Ultimate Member Widgets for Elementor: from n/a through <= 2.3.
6.5
CVE-2025-66104 - WordPress Offload, AI & Optimize with Cloudflare Images plugin <= 1.9.5 - Broken Access Control vulβ¦
Missing Authorization vulnerability in Anton Vanyukov Offload, AI & Optimize with Cloudflare Images cf-images allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Offload, AI & Optimize with Cloudflare Images: from n/a through <= 1.9.5.
7.1
CVE-2025-66102 - WordPress FV Antispam plugin <= 2.7 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in FolioVision FV Antispam fv-antispam allows Reflected XSS.This issue affects FV Antispam: from n/a through <= 2.7.
6.5
CVE-2025-66100 - WordPress RestroPress plugin <= 3.2.3.5 - Broken Access Control vulnerability
Missing Authorization vulnerability in Magnigenie RestroPress restropress allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects RestroPress: from n/a through <= 3.2.3.5.
7.5
CVE-2025-66088 - WordPress PropertyHive plugin <= 2.1.12 - Broken Access Control vulnerability
Missing Authorization vulnerability in Property Hive PropertyHive propertyhive allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects PropertyHive: from n/a through <= 2.1.12.
9.1
CVE-2025-66078 - WordPress Hotel Booking Lite plugin <= 5.2.3 - Remote Code Execution (RCE) vulnerability
Improper Control of Generation of Code ('Code Injection') vulnerability in jetmonsters Hotel Booking Lite motopress-hotel-booking-lite allows Remote Code Inclusion.This issue affects Hotel Booking Lite: from n/a through <= 5.2.3.