7.1
CVE-2025-49911 - WordPress WooCommerce Vehicle Parts Finder plugin <= 3.7 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wpinstinct WooCommerce Vehicle Parts Finder woo-vehicle-parts-finder allows Reflected XSS.This issue affects WooCommerce Vehicle Parts Finder: from n/a through <= 3.7.
8.2
CVE-2025-49910 - WordPress WPGuppy plugin <= 1.1.4 - Broken Access Control vulnerability
Missing Authorization vulnerability in AmentoTech Private Limited WPGuppy wpguppy-lite allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects WPGuppy: from n/a through <= 1.1.4.
6.5
CVE-2025-49908 - WordPress WPC Countdown Timer for WooCommerce plugin <= 3.1.4 - Cross Site Scripting (XSS) vulnerabβ¦
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPClever WPC Countdown Timer for WooCommerce wpc-countdown-timer allows Stored XSS.This issue affects WPC Countdown Timer for WooCommerce: from n/a through <= 3.1.4.
4.3
CVE-2025-49907 - WordPress MDTF plugin <= 1.3.3.9 - Broken Access Control vulnerability
Missing Authorization vulnerability in RealMag777 MDTF wp-meta-data-filter-and-taxonomy-filter allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects MDTF: from n/a through <= 1.3.3.9.
5.3
CVE-2025-49906 - WordPress WPComplete plugin <= 2.9.5.3 - Broken Access Control vulnerability
Missing Authorization vulnerability in StellarWP WPComplete wpcomplete allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects WPComplete: from n/a through <= 2.9.5.3.
5.3
CVE-2025-49903 - WordPress ZoloBlocks plugin <= 2.3.11 - Broken Access Control vulnerability
Missing Authorization vulnerability in bdthemes ZoloBlocks zoloblocks allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects ZoloBlocks: from n/a through <= 2.3.11.
9.8
CVE-2025-49901 - WordPress Simple Link Directory plugin < 14.8.1 - Broken Authentication vulnerability
Authentication Bypass Using an Alternate Path or Channel vulnerability in quantumcloud Simple Link Directory qc-simple-link-directory allows Authentication Abuse.This issue affects Simple Link Directory: from n/a through < 14.8.1.
5.3
CVE-2025-49899 - WordPress Whydonate plugin <= 4.0.15 - Broken Access Control vulnerability
Missing Authorization vulnerability in jjlemstra Whydonate wp-whydonate allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Whydonate: from n/a through <= 4.0.15.
9.8
CVE-2025-49380 - WordPress WooCommerce Vehicle Parts Finder plugin <= 3.7 - PHP Object Injection vulnerability
Deserialization of Untrusted Data vulnerability in wpinstinct WooCommerce Vehicle Parts Finder woo-vehicle-parts-finder allows Object Injection.This issue affects WooCommerce Vehicle Parts Finder: from n/a through <= 3.7.
8.5
CVE-2025-49378 - WordPress Hydra Booking plugin <= 1.1.10 - SQL Injection vulnerability
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Themefic Hydra Booking hydra-booking allows SQL Injection.This issue affects Hydra Booking: from n/a through <= 1.1.10.