6.5

CVSS3.1

CVE-2025-64354 - WordPress Gutenberg plugin <= 21.8.2 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Matias Ventura Gutenberg gutenberg allows Stored XSS. This issue affects Gutenberg: from n/a through <= 21.8.2.

📅 Published: Oct. 31, 2025, 11:42 a.m. 🔄 Last Modified: April 15, 2026, 12:35 a.m.

8.8

CVSS3.1

CVE-2025-64353 - WordPress Polylang plugin <= 3.7.3 - Deserialization of untrusted data vulnerability

Deserialization of Untrusted Data vulnerability in Chouby Polylang polylang allows Object Injection. This issue affects Polylang: from n/a through <= 3.7.3.

📅 Published: Oct. 31, 2025, 11:42 a.m. 🔄 Last Modified: April 15, 2026, 12:35 a.m.

2.7

CVSS3.1

CVE-2025-64352 - WordPress Essential Addons for Elementor plugin <= 6.2.4 - Broken Access Control vulnerability

Missing Authorization vulnerability in WPDeveloper Essential Addons for Elementor essential-addons-for-elementor-lite allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Essential Addons for Elementor: from n/a through <= 6.2.4.

📅 Published: Oct. 31, 2025, 11:42 a.m. 🔄 Last Modified: April 23, 2026, 3:35 p.m.

4.3

CVSS3.1

CVE-2025-64351 - WordPress Rank Math SEO plugin <= 1.0.252.1 - Sensitive Data Exposure vulnerability

Insertion of Sensitive Information Into Sent Data vulnerability in Rank Math SEO Rank Math SEO seo-by-rank-math allows Retrieve Embedded Sensitive Data. This issue affects Rank Math SEO: from n/a through <= 1.0.252.1.

📅 Published: Oct. 31, 2025, 11:42 a.m. 🔄 Last Modified: April 15, 2026, 12:35 a.m.

3.8

CVSS3.1

CVE-2025-64350 - WordPress Rank Math SEO plugin <= 1.0.252.1 - Broken Access Control vulnerability

Missing Authorization vulnerability in Rank Math SEO Rank Math SEO seo-by-rank-math allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Rank Math SEO: from n/a through <= 1.0.252.1.

📅 Published: Oct. 31, 2025, 11:42 a.m. 🔄 Last Modified: April 23, 2026, 3:35 p.m.

4.5

CVSS3.1

CVE-2025-40603 -

A potential exposure of sensitive information in log files in SonicWall SMA100 Series appliances may allow a remote, authenticated administrator, under certain conditions to view partial users credential data.

📅 Published: Oct. 31, 2025, 11:01 a.m. 🔄 Last Modified: Nov. 6, 2025, 4:26 p.m.

6.3

CVSS4.0

CVE-2025-11602 - Untargeted information leak in Bolt protocol handshake

Potential information leak in bolt protocol handshake in Neo4j Enterprise and Community editions allows attacker to obtain one byte of information from previous connections. The attacker has no control over the information leaked in server responses.

📅 Published: Oct. 31, 2025, 10:20 a.m. 🔄 Last Modified: April 15, 2026, 12:35 a.m.

8.8

CVSS4.0

CVE-2025-11843 - Therefore™ Online and Therefore™ On-Premises contains an account impersonation issue, which could p…

Therefore Corporation GmbH has recently become aware that Therefore™ Online and Therefore™ On-Premises contain an account impersonation vulnerability. A malicious user may potentially be able to impersonate the web service account or the account of a service using the API when connecting to the The…

📅 Published: Oct. 31, 2025, 9:43 a.m. 🔄 Last Modified: April 15, 2026, 12:35 a.m.

7.5

CVSS3.1

CVE-2025-12115 - WPC Name Your Price for WooCommerce <= 2.1.9 - Unauthenticated Price Alteration

The WPC Name Your Price for WooCommerce plugin for WordPress is vulnerable to unauthorized price alteration in all versions up to, and including, 2.1.9. This is due to the plugin not disabling the ability to name a custom price when it has been specifically disabled for a product. This makes it pos…

📅 Published: Oct. 31, 2025, 9:27 a.m. 🔄 Last Modified: April 21, 2026, 2 a.m.

5.3

CVSS3.1

CVE-2025-12041 - ERI File Library <= 1.1.0 - Missing Authorization to Unauthenticated Protected File Download

The ERI File Library plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'erifl_file' AJAX action in all versions up to, and including, 1.1.0. This makes it possible for unauthenticated attackers to download files restricted to specific user ro…

📅 Published: Oct. 31, 2025, 9:27 a.m. 🔄 Last Modified: April 15, 2026, 12:35 a.m.