6.5
CVE-2025-30915 - WordPress Small Package Quotes – Worldwide Express Edition plugin <= 5.2.19 - Broken Access Control…
Missing Authorization vulnerability in enituretechnology Small Package Quotes – Worldwide Express Edition allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Small Package Quotes – Worldwide Express Edition: from n/a through 5.2.19.
7.1
CVE-2025-30908 - WordPress Web Directory Free plugin <= 1.7.6 - CSRF to Cross Site Scripting (XSS) vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in Shamalli Web Directory Free allows Stored XSS. This issue affects Web Directory Free: from n/a through 1.7.6.
8.8
CVE-2025-30889 - WordPress Testimonial Slider plugin <= 2.0.13 - PHP Object Injection vulnerability
Deserialization of Untrusted Data vulnerability in PickPlugins Testimonial Slider allows Object Injection. This issue affects Testimonial Slider: from n/a through 2.0.13.
7.1
CVE-2025-30858 - WordPress Snow Storm plugin <= 1.4.6 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Tribulant Software Snow Storm allows Reflected XSS. This issue affects Snow Storm: from n/a through 1.4.6.
7.1
CVE-2025-30616 - WordPress Latest Custom Post Type Updates plugin <= 1.3.0 - Reflected Cross Site Scripting (XSS) vu…
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound Latest Custom Post Type Updates allows Reflected XSS. This issue affects Latest Custom Post Type Updates: from n/a through 1.3.0.
7.1
CVE-2025-30611 - WordPress Wptobe-signinup plugin <= 1.1.2 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound Wptobe-signinup allows Reflected XSS. This issue affects Wptobe-signinup: from n/a through 1.1.2.
6.5
CVE-2025-30596 - WordPress include-file <= 1 - Arbitrary File Download Vulnerability
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in NotFound include-file allows Path Traversal. This issue affects include-file: from n/a through 1.
9.1
CVE-2025-2946 - Cross-Site Vulnerability(XSS) due to arbitrary HTML/JavaScript gets executed while query result ren…
pgAdmin <= 9.1 is affected by a security vulnerability with Cross-Site Scripting (XSS). If attackers execute any arbitrary HTML/JavaScript in a user's browser through query result rendering, then HTML/JavaScript runs on the browser.
9.9
CVE-2025-2945 - pgAdmin 4: Remote Code Execution in Query Tool and Cloud Deployment
Remote Code Execution security vulnerability in pgAdmin 4 (Query Tool and Cloud Deployment modules). The vulnerability is associated with the 2 POST endpoints; /sqleditor/query_tool/download, where the query_commited parameter and /cloud/deploy endpoint, where the high_availability parameter is u…
6.4
CVE-2024-9416 - Modula Image Gallery <= 2.10.1 - Authenticated (Contributor+) Stored DOM-Based Cross-Site Scripting…
The Modula Image Gallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's bundled FancyBox JavaScript library (versions <= 5.0.36) due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attac…