7.1
CVE-2025-49957 - WordPress Email Attachment by Order Status & Products Plugin <= 1.0.1 - Cross Site Scripting (XSS) β¦
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Weboccult Technologies Pvt Ltd Email Attachment by Order Status & Products email-attachment-by-order-status-products allows Reflected XSS.This issue affects Email Attachment by Order Status &amβ¦
7.1
CVE-2025-49956 - WordPress Fade Slider plugin <= 2.5 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Anandaraj Balu Fade Slider fade-slider allows Reflected XSS.This issue affects Fade Slider: from n/a through <= 2.5.
7.1
CVE-2025-49955 - WordPress WP Smart Flexslider Plugin <= 2.5 - Cross Site Scripting (XSS) Vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Rajan Vijayan WP Smart Flexslider wp-smart-flexslider allows Reflected XSS.This issue affects WP Smart Flexslider: from n/a through <= 2.5.
7.1
CVE-2025-49954 - WordPress WP-Click-Tracker Plugin <= 0.7.3 - Cross Site Scripting (XSS) Vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in mithra62 WP-Click-Tracker wp-click-track allows Reflected XSS.This issue affects WP-Click-Tracker: from n/a through <= 0.7.3.
7.1
CVE-2025-49953 - WordPress ShareBang, Ultimate Social Share Buttons for WordPress Plugin <= 1.4 - Cross Site Scriptiβ¦
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in themeinity ShareBang, Ultimate Social Share Buttons for WordPress sharebang allows Reflected XSS.This issue affects ShareBang, Ultimate Social Share Buttons for WordPress: from n/a through <= 1.4.
6.3
CVE-2025-49952 - WordPress Houzez theme <= 4.2.5 - Insecure Direct Object References (IDOR) vulnerability
Authorization Bypass Through User-Controlled Key vulnerability in favethemes Houzez houzez allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Houzez: from n/a through <= 4.2.5.
7.1
CVE-2025-49951 - WordPress gAppointments Plugin <= 1.14.1 - Cross Site Scripting (XSS) Vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wpcrunch gAppointments gAppointments allows Reflected XSS.This issue affects gAppointments: from n/a through <= 1.14.1.
7.3
CVE-2025-49950 - WordPress Official Integration for Billingo plugin <= 4.3.0 - Privilege Escalation vulnerability
Missing Authorization vulnerability in billingo Official Integration for Billingo billingo allows Privilege Escalation.This issue affects Official Integration for Billingo: from n/a through <= 4.3.0.
5.5
CVE-2025-49949 - WordPress Templazee plugin <= 1.0.2 - Broken Access Control Vulnerability
Missing Authorization vulnerability in templazee Templazee templazee allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Templazee: from n/a through <= 1.0.2.
7.1
CVE-2025-49948 - WordPress WP Super Edit plugin <= 2.5.4 - Cross Site Scripting (XSS) Vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ahmad Awais WP Super Edit wp-super-edit allows Reflected XSS.This issue affects WP Super Edit: from n/a through <= 2.5.4.