5.3
CVE-2025-64635 - WordPress Feeds for YouTube plugin <= 2.4.0 - Broken Access Control vulnerability
Missing Authorization vulnerability in Syed Balkhi Feeds for YouTube feeds-for-youtube allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Feeds for YouTube: from n/a through <= 2.4.0.
5.3
CVE-2025-64634 - WordPress Avada theme <= 7.13.2 - Broken Access Control vulnerability
Missing Authorization vulnerability in ThemeFusion Avada avada allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Avada: from n/a through <= 7.13.2.
5.3
CVE-2025-64633 - WordPress Norebro Extra plugin <= 1.6.8 - Content Injection vulnerability
Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in colabrio Norebro Extra norebro-extra allows Code Injection.This issue affects Norebro Extra: from n/a through <= 1.6.8.
5.3
CVE-2025-64632 - WordPress Google XML Sitemaps plugin <= 4.1.22 - Broken Access Control vulnerability
Missing Authorization vulnerability in Auctollo Google XML Sitemaps google-sitemap-generator allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Google XML Sitemaps: from n/a through <= 4.1.22.
4.9
CVE-2025-64631 - WordPress WCFM Marketplace plugin <= 3.7.1 - Broken Access Control vulnerability
Missing Authorization vulnerability in WC Lovers WCFM Marketplace wc-multivendor-marketplace allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WCFM Marketplace: from n/a through <= 3.7.1.
4.9
CVE-2025-64630 - WordPress Business Directory plugin <= 6.4.19 - Broken Access Control vulnerability
Missing Authorization vulnerability in Strategy11 Team Business Directory business-directory-plugin allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Business Directory: from n/a through <= 6.4.19.
4.9
CVE-2025-64253 - WordPress Health Check & Troubleshooting plugin <= 1.7.1 - Path Traversal vulnerability
Path Traversal: '.../...//' vulnerability in WordPress.org Health Check & Troubleshooting health-check allows Path Traversal.This issue affects Health Check & Troubleshooting: from n/a through <= 1.7.1.
4.9
CVE-2025-64251 - WordPress Ultimate Learning Pro plugin <= 3.9.3 - Arbitrary Content Deletion vulnerability
Missing Authorization vulnerability in azzaroco Ultimate Learning Pro indeed-learning-pro allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Ultimate Learning Pro: from n/a through <= 3.9.3.
4.7
CVE-2025-64250 - WordPress Directorist plugin <= 8.6.6 - Open Redirection vulnerability
URL Redirection to Untrusted Site ('Open Redirect') vulnerability in wpWax Directorist directorist allows Phishing.This issue affects Directorist: from n/a through <= 8.6.6.
4.3
CVE-2025-64249 - WordPress Protect WP Admin plugin <= 4.1 - Broken Access Control vulnerability
Missing Authorization vulnerability in WP-EXPERTS.IN Protect WP Admin protect-wp-admin allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Protect WP Admin: from n/a through <= 4.1.