4.3
CVE-2025-62103 - WordPress Media Library File Download plugin <= 1.4 - Cross Site Request Forgery (CSRF) vulnerabili…
Cross-Site Request Forgery (CSRF) vulnerability in wpmediadownload Media Library File Download media-download allows Cross Site Request Forgery.This issue affects Media Library File Download: from n/a through <= 1.4.
4.3
CVE-2025-62102 - WordPress DoFollow Case by Case plugin <= 3.5.1 - Cross Site Request Forgery (CSRF) vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in apasionados DoFollow Case by Case dofollow-case-by-case allows Cross Site Request Forgery.This issue affects DoFollow Case by Case: from n/a through <= 3.5.1.
5.3
CVE-2025-62100 - WordPress ThemeRain Core plugin <= 1.1.9 - Broken Access Control vulnerability
Missing Authorization vulnerability in themerain ThemeRain Core themerain-core allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects ThemeRain Core: from n/a through <= 1.1.9.
8.5
CVE-2025-62093 - WordPress Image&Video FullScreen Background plugin <= 1.6.7 - SQL Injection vulnerability
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in LambertGroup Image&Video FullScreen Background lbg_fullscreen_fullwidth_slider allows SQL Injection.This issue affects Image&Video FullScreen Background: from n/a through <= 1.6.7.
6.5
CVE-2025-62090 - WordPress Gutenverse News – Advanced News Magazine Blog Gutenberg Blocks Addons plugin <= 3.0.2 - B…
Missing Authorization vulnerability in Jegstudio Gutenverse News – Advanced News Magazine Blog Gutenberg Blocks Addons gutenverse-news allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Gutenverse News – Advanced News Magazine Blog Gutenberg Blocks Addons: fr…
5.4
CVE-2025-62086 - WordPress Яндекс Доставка (Boxberry) plugin <= 2.34 - Broken Access Control vulnerability
Missing Authorization vulnerability in akazanstev Яндекс Доставка (Boxberry) boxberry allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Яндекс Доставка (Boxberry): from n/a through <= 2.34.
5.3
CVE-2025-62085 - WordPress BERTHA AI plugin <= 1.13 - Broken Access Control vulnerability
Missing Authorization vulnerability in Bertha AI – Andrew Palmer BERTHA AI bertha-ai-free allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects BERTHA AI: from n/a through <= 1.13.
6.5
CVE-2025-62082 - WordPress Generic Elements plugin <= 1.2.9 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Nasir Uddin Generic Elements generic-elements-for-elementor allows Stored XSS.This issue affects Generic Elements: from n/a through <= 1.2.9.
4.3
CVE-2025-59132 - WordPress Duplicate Content Cure plugin <= 1.0 - Cross Site Request Forgery (CSRF) vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in Badi Jones Duplicate Content Cure duplicate-content-cure allows Cross Site Request Forgery.This issue affects Duplicate Content Cure: from n/a through <= 1.0.
7.1
CVE-2025-49351 - WordPress Create Posts & Terms plugin <= 1.3.1 - Cross Site Request Forgery (CSRF) vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in Valentin Agachi Create Posts & Terms create-posts-terms allows Stored XSS.This issue affects Create Posts & Terms: from n/a through <= 1.3.1.