7.1
CVE-2025-62956 - WordPress Reloadly plugin <= 2.0.1 - Cross Site Request Forgery (CSRF) vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in iseremet Reloadly reloadly-topup-widget allows Stored XSS.This issue affects Reloadly: from n/a through <= 2.0.1.
4.3
CVE-2025-62954 - WordPress Revive Old Posts plugin <= 9.3.3 - Broken Access Control vulnerability
Missing Authorization vulnerability in rsocial Revive Old Posts tweet-old-post allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Revive Old Posts: from n/a through <= 9.3.3.
4.3
CVE-2025-62953 - WordPress Welcart e-Commerce plugin <= 2.11.24 - Broken Access Control vulnerability
Missing Authorization vulnerability in info@welcart Welcart e-Commerce usc-e-shop allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Welcart e-Commerce: from n/a through <= 2.11.24.
4.3
CVE-2025-62952 - WordPress ChatBot plugin <= 7.7.3 - Broken Access Control vulnerability
Missing Authorization vulnerability in QuantumCloud ChatBot chatbot allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects ChatBot: from n/a through <= 7.7.3.
6.5
CVE-2025-62951 - WordPress H5P plugin <= 1.16.0 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in icc0rz H5P h5p allows Stored XSS.This issue affects H5P: from n/a through <= 1.16.0.
6.5
CVE-2025-62949 - WordPress Activity Plus Reloaded for BuddyPress plugin <= 1.1.2 - Cross Site Scripting (XSS) vulnerβ¦
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in BuddyDev Activity Plus Reloaded for BuddyPress bp-activity-plus-reloaded allows Stored XSS.This issue affects Activity Plus Reloaded for BuddyPress: from n/a through <= 1.1.2.
6.5
CVE-2025-62948 - WordPress Date counter plugin <= 2.0.3 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Konstantin Pankratov Date counter date-counter allows Stored XSS.This issue affects Date counter: from n/a through <= 2.0.3.
5
CVE-2025-62947 - WordPress Publitio plugin <= 2.2.5 - Sensitive Data Exposure vulnerability
Insertion of Sensitive Information Into Sent Data vulnerability in publitio Publitio publitio allows Retrieve Embedded Sensitive Data.This issue affects Publitio: from n/a through <= 2.2.5.
5.3
CVE-2025-62946 - WordPress Everest Backup plugin <= 2.3.8 - Broken Access Control vulnerability
Missing Authorization vulnerability in everestthemes Everest Backup everest-backup allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Everest Backup: from n/a through <= 2.3.8.
7.1
CVE-2025-62945 - WordPress Did Prestashop Display plugin <= 1.0.30 - Cross Site Request Forgery (CSRF) vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in Eduard Pinuaga Linares Did Prestashop Display did-prestashop-display allows Stored XSS.This issue affects Did Prestashop Display: from n/a through <= 1.0.30.