9.3
CVE-2025-31551 - WordPress Salesmate Add-On for Gravity Forms plugin <= 2.0.3 - SQL Injection vulnerability
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Salesmate.io Salesmate Add-On for Gravity Forms allows SQL Injection. This issue affects Salesmate Add-On for Gravity Forms: from n/a through 2.0.3.
5.8
CVE-2025-31550 - WordPress WP-LESS plugin <= 1.9.3-3 - Sensitive Data Exposure vulnerability
Insertion of Sensitive Information into Externally-Accessible File or Directory vulnerability in thom4 WP-LESS allows Retrieve Embedded Sensitive Data. This issue affects WP-LESS: from 1.9.3 through 3.
7.1
CVE-2025-31548 - WordPress Ultimate Push Notifications plugin <= 1.1.8 - Reflected Cross Site Scripting (XSS) vulnerβ¦
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in M. Tuhin Ultimate Push Notifications allows Reflected XSS. This issue affects Ultimate Push Notifications: from n/a through 1.1.8.
7.1
CVE-2025-31537 - WordPress Bulk NoIndex & NoFollow Toolkit plugin <= 2.16 - Reflected Cross Site Scripting (XSS) vulβ¦
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in madfishdigital Bulk NoIndex & NoFollow Toolkit allows Reflected XSS. This issue affects Bulk NoIndex & NoFollow Toolkit: from n/a through 2.16.
9.3
CVE-2025-31534 - WordPress Shopper plugin <= 3.2.5 - SQL Injection vulnerability
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in shopperdotcom Shopper allows SQL Injection. This issue affects Shopper: from n/a through 3.2.5.
9.3
CVE-2025-31531 - WordPress History Log by click5 plugin <= 1.0.13 - SQL Injection vulnerability
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in click5 History Log by click5 allows SQL Injection. This issue affects History Log by click5: from n/a through 1.0.13.
4.3
CVE-2025-31525 - WordPress WP Mobile Bottom Menu plugin <= 1.2.9 - Broken Access Control vulnerability
Missing Authorization vulnerability in WP Messiah WP Mobile Bottom Menu allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP Mobile Bottom Menu: from n/a through 1.2.9.
7.1
CVE-2025-31462 - WordPress CGM Event Calendar <= 0.8.5 - Cross Site Scripting (XSS) Vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in rzfarrell CGM Event Calendar allows Reflected XSS. This issue affects CGM Event Calendar: from n/a through 0.8.5.
7.1
CVE-2025-31461 - WordPress NanoSupport plugin <= 0.6.0 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound NanoSupport allows Reflected XSS. This issue affects NanoSupport: from n/a through 0.6.0.
7.1
CVE-2025-31455 - WordPress Limit Max IPs Per User plugin <= 1.5 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound Limit Max IPs Per User allows DOM-Based XSS. This issue affects Limit Max IPs Per User: from n/a through 1.5.