4.3
CVE-2025-64238 - WordPress WPS Bidouille plugin <= 1.33.1 - Broken Access Control vulnerability
Missing Authorization vulnerability in NicolasKulka WPS Bidouille wps-bidouille allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WPS Bidouille: from n/a through <= 1.33.1.
4.3
CVE-2025-64237 - WordPress Quick Interest Slider plugin <= 3.1.5 - Cross Site Request Forgery (CSRF) vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in Graham Quick Interest Slider quick-interest-slider allows Cross Site Request Forgery.This issue affects Quick Interest Slider: from n/a through <= 3.1.5.
4.3
CVE-2025-59009 - WordPress Listify theme <= 3.2.5 - Cross Site Request Forgery (CSRF) vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in Astoundify Listify listify allows Cross Site Request Forgery.This issue affects Listify: from n/a through <= 3.2.5.
4.3
CVE-2025-59001 - WordPress Salient Core plugin <= 3.0.8 - Broken Access Control vulnerability
Missing Authorization vulnerability in ThemeNectar Salient Core salient-core allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Salient Core: from n/a through <= 3.0.8.
4.3
CVE-2025-58999 - WordPress WP Attractive Donations System - Easy Stripe & Paypal donations plugin <= 1.25 - Cross Siβ¦
Cross-Site Request Forgery (CSRF) vulnerability in loopus WP Attractive Donations System - Easy Stripe & Paypal donations WP_AttractiveDonationsSystem allows Cross Site Request Forgery.This issue affects WP Attractive Donations System - Easy Stripe & Paypal donations: from n/a through <= 1.25.
4.3
CVE-2025-54045 - WordPress CM On Demand Search And Replace plugin <= 1.5.5 - Broken Access Control vulnerability
Missing Authorization vulnerability in CreativeMindsSolutions CM On Demand Search And Replace cm-on-demand-search-and-replace allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects CM On Demand Search And Replace: from n/a through <= 1.5.5.
4.3
CVE-2025-54005 - WordPress SKT Page Builder plugin <= 4.9 - Broken Access Control vulnerability
Missing Authorization vulnerability in sonalsinha21 SKT Page Builder skt-builder allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects SKT Page Builder: from n/a through <= 4.9.
2.7
CVE-2025-54004 - WordPress WCFM β Frontend Manager for WooCommerce plugin <= 6.7.24 - Broken Access Control vulnerabβ¦
Missing Authorization vulnerability in WC Lovers WCFM β Frontend Manager for WooCommerce wc-frontend-manager allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WCFM β Frontend Manager for WooCommerce: from n/a through <= 6.7.24.
2.7
CVE-2025-49300 - WordPress Traveler Option Tree plugin <= 2.8 - Sensitive Data Exposure vulnerability
Insertion of Sensitive Information Into Sent Data vulnerability in shinetheme Traveler Option Tree custom-option-tree allows Retrieve Embedded Sensitive Data.This issue affects Traveler Option Tree: from n/a through <= 2.8.
5.3
CVE-2025-11991 - JetFormBuilder <= 3.5.3 - Missing Authorization to Unauthenticated Form Generation
The JetFormBuilder β Dynamic Blocks Form Builder plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the run_callback function in all versions up to, and including, 3.5.3. This makes it possible for unauthenticated attackers to generate formsβ¦