0.0
CVE-2025-59001 - WordPress Salient Core plugin <= 3.0.8 - Broken Access Control vulnerability
Missing Authorization vulnerability in ThemeNectar Salient Core salient-core allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Salient Core: from n/a through <= 3.0.8.
0.0
CVE-2025-58999 - WordPress WP Attractive Donations System - Easy Stripe & Paypal donations plugin <= 1.25 - Cross Siβ¦
Cross-Site Request Forgery (CSRF) vulnerability in loopus WP Attractive Donations System - Easy Stripe & Paypal donations WP_AttractiveDonationsSystem allows Cross Site Request Forgery.This issue affects WP Attractive Donations System - Easy Stripe & Paypal donations: from n/a through <= 1.25.
0.0
CVE-2025-54045 - WordPress CM On Demand Search And Replace plugin <= 1.5.4 - Broken Access Control vulnerability
Missing Authorization vulnerability in CreativeMindsSolutions CM On Demand Search And Replace cm-on-demand-search-and-replace allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects CM On Demand Search And Replace: from n/a through <= 1.5.4.
0.0
CVE-2025-54005 - WordPress SKT Page Builder plugin <= 4.9 - Broken Access Control vulnerability
Missing Authorization vulnerability in sonalsinha21 SKT Page Builder skt-builder allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects SKT Page Builder: from n/a through <= 4.9.
0.0
CVE-2025-54004 - WordPress WCFM β Frontend Manager for WooCommerce plugin <= 6.7.21 - Broken Access Control vulnerabβ¦
Missing Authorization vulnerability in WC Lovers WCFM β Frontend Manager for WooCommerce wc-frontend-manager allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WCFM β Frontend Manager for WooCommerce: from n/a through <= 6.7.21.
0.0
CVE-2025-49300 - WordPress Traveler Option Tree plugin <= 2.8 - Sensitive Data Exposure vulnerability
Insertion of Sensitive Information Into Sent Data vulnerability in shinetheme Traveler Option Tree custom-option-tree allows Retrieve Embedded Sensitive Data.This issue affects Traveler Option Tree: from n/a through <= 2.8.
5.3
CVE-2025-11991 - JetFormBuilder <= 3.5.3 - Missing Authorization to Unauthenticated Form Generation
The JetFormBuilder β Dynamic Blocks Form Builder plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the run_callback function in all versions up to, and including, 3.5.3. This makes it possible for unauthenticated attackers to generate formsβ¦
5.9
CVE-2025-13439 - Fancy Product Designer | WooCommerce WordPress <= 6.4.8 - Unauthenticated Information Disclosure viβ¦
The Fancy Product Designer plugin for WordPress is vulnerable to Information Disclosure in all versions up to, and including, 6.4.8. This is due to insufficient validation of user-supplied input in the 'url' parameter of the fpd_custom_uplod_file AJAX action, which flows directly into the getimagesβ¦
8.6
CVE-2025-66635 -
Stack-based buffer overflow vulnerability exists in SEIKO EPSON Web Config. Specially crafted data input by a logged-in user may execute arbitrary code. As for the details of the affected products and versions, see the information provided by the vendor under [References].
5.9
CVE-2025-62330 - HCL DevOps Deploy is susceptible to a cleartext transmission of sensitive information
HCL DevOps Deploy is susceptible to a cleartext transmission of sensitive information because the HTTP port remains accessible and does not redirect to HTTPS as intended. As a result, an attacker with network access could intercept or modify user credentials and session-related data via passive moβ¦