6.6
CVE-2025-66115 - WordPress Easy Invoice plugin <= 2.1.4 - Local File Inclusion vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in MatrixAddons Easy Invoice easy-invoice allows PHP Local File Inclusion.This issue affects Easy Invoice: from n/a through <= 2.1.4.
5.3
CVE-2025-66114 - WordPress Show Variations as Single Products Woocommerce plugin <= 2.0 - Broken Access Control vulnβ¦
Missing Authorization vulnerability in theme funda Show Variations as Single Products Woocommerce woo-show-single-variations-shop-category allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Show Variations as Single Products Woocommerce: from n/a through <= 2β¦
5.3
CVE-2025-66113 - WordPress Better Chat Support for Messenger plugin <= 1.2.18 - Broken Access Control vulnerability
Missing Authorization vulnerability in ThemeAtelier Better Chat Support for Messenger better-chat-support allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Better Chat Support for Messenger: from n/a through <= 1.2.18.
4.3
CVE-2025-66112 - WordPress Accessibility Toolkit by WebYes plugin <= 2.0.4 - Broken Access Control vulnerability
Missing Authorization vulnerability in WebToffee Accessibility Toolkit by WebYes accessibility-plus allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Accessibility Toolkit by WebYes: from n/a through <= 2.0.4.
6.5
CVE-2025-66111 - WordPress Nelio Popups plugin <= 1.3.0 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Nelio Software Nelio Popups nelio-popups allows Stored XSS.This issue affects Nelio Popups: from n/a through <= 1.3.0.
5.3
CVE-2025-66110 - WordPress Tiktok Feed plugin <= 1.0.23 - Broken Access Control vulnerability
Missing Authorization vulnerability in bPlugins Tiktok Feed b-tiktok-feed allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Tiktok Feed: from n/a through <= 1.0.23.
5.3
CVE-2025-66109 - WordPress Cart Weight for WooCommerce plugin <= 1.9.11 - Broken Access Control vulnerability
Missing Authorization vulnerability in Octolize Shipping Plugins Cart Weight for WooCommerce woo-cart-weight allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Cart Weight for WooCommerce: from n/a through <= 1.9.11.
4.3
CVE-2025-66108 - WordPress TNC Toolbox: Web Performance plugin <= 2.0.4 - Broken Access Control vulnerability
Missing Authorization vulnerability in Merlot Digital (by TNC) TNC Toolbox: Web Performance tnc-toolbox allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects TNC Toolbox: Web Performance: from n/a through <= 2.0.4.
5.3
CVE-2025-66107 - WordPress Subscriptions & Memberships for PayPal plugin <= 1.1.7 - Broken Access Control vulnerabilβ¦
Missing Authorization vulnerability in Scott Paterson Subscriptions & Memberships for PayPal subscriptions-memberships-for-paypal allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Subscriptions & Memberships for PayPal: from n/a through <= 1.1.7.
4.3
CVE-2025-66106 - WordPress Featured Post Creative plugin <= 1.5.5 - Broken Access Control vulnerability
Missing Authorization vulnerability in Essential Plugin Featured Post Creative featured-post-creative allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Featured Post Creative: from n/a through <= 1.5.5.