4.3
CVE-2025-62978 - WordPress KiotViet Sync plugin <= 1.8.5 - Broken Access Control vulnerability
Missing Authorization vulnerability in Kiotviet KiotViet Sync kiotvietsync allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects KiotViet Sync: from n/a through <= 1.8.5.
5.3
CVE-2025-62977 - WordPress ηΎεΊ¦η«ιΏSEOει(ζ―ζηΎεΊ¦/η₯马/Bing/倴ζ‘ζ¨ι) plugin <= 2.1.4 - Broken Access Control vulnerability
Missing Authorization vulnerability in ζ²δΉζΆ ηΎεΊ¦η«ιΏSEOει(ζ―ζηΎεΊ¦/η₯马/Bing/倴ζ‘ζ¨ι) baiduseo allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects ηΎεΊ¦η«ιΏSEOει(ζ―ζηΎεΊ¦/η₯马/Bing/倴ζ‘ζ¨ι): from n/a through <= 2.1.4.
5.3
CVE-2025-62976 - WordPress Sendle Shipping plugin <= 6.02 - Broken Access Control vulnerability
Missing Authorization vulnerability in Joovii Sendle Shipping official-sendle-shipping-method allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Sendle Shipping: from n/a through <= 6.02.
4.3
CVE-2025-62975 - WordPress Raychat plugin <= 2.2.1 - Cross Site Request Forgery (CSRF) vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in raychat Raychat raychat allows Cross Site Request Forgery.This issue affects Raychat: from n/a through <= 2.2.1.
6.5
CVE-2025-62974 - WordPress Headline Analyzer plugin <= 1.3.7 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CoSchedule Headline Analyzer headline-analyzer allows Stored XSS.This issue affects Headline Analyzer: from n/a through <= 1.3.7.
5.3
CVE-2025-62973 - WordPress BuddyForms plugin <= 2.9.0 - Broken Access Control vulnerability
Missing Authorization vulnerability in Themekraft BuddyForms buddyforms allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects BuddyForms: from n/a through <= 2.9.0.
4.3
CVE-2025-62972 - WordPress WebinarPress plugin <= 1.33.28 - Broken Access Control vulnerability
Missing Authorization vulnerability in WPWebinarSystem WebinarPress wp-webinarsystem allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WebinarPress: from n/a through <= 1.33.28.
6.5
CVE-2025-62971 - WordPress Attesa Extra plugin <= 1.4.7 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CrestaProject Attesa Extra attesa-extra allows Stored XSS.This issue affects Attesa Extra: from n/a through <= 1.4.7.
5.3
CVE-2025-62970 - WordPress Link Whisper Free plugin <= 0.9.2 - Broken Access Control vulnerability
Missing Authorization vulnerability in Spencer Haws Link Whisper Free link-whisper allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Link Whisper Free: from n/a through <= 0.9.2.
6.5
CVE-2025-62969 - WordPress NextMove Lite plugin <= 2.23.0 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in XLPlugins NextMove Lite woo-thank-you-page-nextmove-lite allows Stored XSS.This issue affects NextMove Lite: from n/a through <= 2.23.0.