4.3
CVE-2025-66532 - WordPress Powerlift theme < 3.2.1 - Broken Access Control vulnerability
Missing Authorization vulnerability in Mikado-Themes Powerlift powerlift allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Powerlift: from n/a through < 3.2.1.
4.3
CVE-2025-66531 - WordPress Salon booking system plugin <= 10.30.3 - Cross Site Request Forgery (CSRF) vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in Dimitri Grassi Salon booking system salon-booking-system allows Cross Site Request Forgery.This issue affects Salon booking system: from n/a through <= 10.30.3.
4.3
CVE-2025-66530 - WordPress Webba Booking plugin <= 6.2.1 - Broken Access Control vulnerability
Missing Authorization vulnerability in Webba Appointment Booking Webba Booking webba-booking-lite allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Webba Booking: from n/a through <= 6.2.1.
4.3
CVE-2025-66529 - WordPress Chartify plugin <= 3.6.3 - Cross Site Request Forgery (CSRF) vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in Ays Pro Chartify chart-builder allows Cross Site Request Forgery.This issue affects Chartify: from n/a through <= 3.6.3.
4.3
CVE-2025-66528 - WordPress Thank You Page Customizer for WooCommerce plugin <= 1.1.8 - Broken Access Control vulneraβ¦
Missing Authorization vulnerability in VillaTheme Thank You Page Customizer for WooCommerce woo-thank-you-page-customizer allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Thank You Page Customizer for WooCommerce: from n/a through <= 1.1.8.
4.3
CVE-2025-66527 - WordPress Lobo theme <= 2.8.6 - Broken Access Control vulnerability
Missing Authorization vulnerability in VanKarWai Lobo lobo allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Lobo: from n/a through <= 2.8.6.
4.3
CVE-2025-66526 - WordPress Tablesome plugin <= 1.1.34 - Broken Access Control vulnerability
Missing Authorization vulnerability in Essekia Tablesome tablesome allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Tablesome: from n/a through <= 1.1.34.
4.3
CVE-2025-66525 - WordPress Elastic Email Sender plugin <= 1.2.20 - Broken Access Control vulnerability
Missing Authorization vulnerability in Elastic Email Elastic Email Sender elastic-email-sender allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Elastic Email Sender: from n/a through <= 1.2.20.
4.3
CVE-2025-64257 - WordPress My Tickets plugin <= 2.1.0 - Broken Access Control vulnerability
Missing Authorization vulnerability in Joe Dolson My Tickets my-tickets allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects My Tickets: from n/a through <= 2.1.0.
4.3
CVE-2025-64256 - WordPress Simple Folio plugin <= 1.1.0 - Cross Site Request Forgery (CSRF) vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in PressTigers Simple Folio simple-folio allows Cross Site Request Forgery.This issue affects Simple Folio: from n/a through <= 1.1.0.