6.4
CVE-2025-28987 - WordPress PressForward <= 5.9.1 - Server Side Request Forgery (SSRF) Vulnerability
Server-Side Request Forgery (SSRF) vulnerability in PressForward PressForward allows Server Side Request Forgery. This issue affects PressForward: from n/a through 5.9.1.
7.1
CVE-2025-28999 - WordPress WooCommerce Shop Page Builder <= 2.27.7 - Cross Site Scripting (XSS) Vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ZoomIt WooCommerce Shop Page Builder allows Reflected XSS. This issue affects WooCommerce Shop Page Builder: from n/a through 2.27.7.
7.1
CVE-2025-29014 - WordPress FoodMenu <= 1.20 - Cross Site Scripting (XSS) Vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ZoomIt FoodMenu allows Reflected XSS. This issue affects FoodMenu: from n/a through 1.20.
7.1
CVE-2025-30626 - WordPress Multimedia Playlist Slider Addon for WPBakery Page Builder <= 2.1 - Cross Site Scripting β¦
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in LambertGroup Multimedia Playlist Slider Addon for WPBakery Page Builder allows Reflected XSS. This issue affects Multimedia Playlist Slider Addon for WPBakery Page Builder: from n/a through 2.1.
8.1
CVE-2025-30635 - WordPress IDonatePro <= 2.1.9 - Local File Inclusion Vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeAtelier IDonatePro allows PHP Local File Inclusion. This issue affects IDonatePro: from n/a through 2.1.9.
7.5
CVE-2025-30639 - WordPress IDonatePro Plugin <= 2.1.9 - Broken Access Control Vulnerability
Missing Authorization vulnerability in ThemeAtelier IDonatePro allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects IDonatePro: from n/a through 2.1.9.
6.5
CVE-2025-30993 - WordPress Thank You Page Customizer for WooCommerce β Increase Your Sales <= 1.1.7 - Broken Access β¦
Missing Authorization vulnerability in VillaTheme Thank You Page Customizer for WooCommerce β Increase Your Sales allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Thank You Page Customizer for WooCommerce β Increase Your Sales: from n/a through 1.1.7.
8.5
CVE-2025-30998 - WordPress WP Links Page <= 4.9.6 - SQL Injection Vulnerability
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Rico Macchi WP Links Page allows SQL Injection. This issue affects WP Links Page: from n/a through 4.9.6.
7.1
CVE-2025-31007 - WordPress Billplz Addon for Contact Form 7 Plugin <= 1.2.0 - Cross Site Scripting (XSS) Vulnerabiliβ¦
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Alvind Billplz Addon for Contact Form 7 allows Reflected XSS. This issue affects Billplz Addon for Contact Form 7: from n/a through 1.2.0.
7.5
CVE-2025-31425 - WordPress WP Lead Capturing Pages plugin <= 2.3 - Arbitrary Content Deletion vulnerability
Missing Authorization vulnerability in kamleshyadav WP Lead Capturing Pages allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP Lead Capturing Pages: from n/a through 2.3.