6.4
CVE-2025-10190 - WP Easy Toggles <= 1.9.0 - Authenticated (Contributor+) Stored Cross-Site Scripting
The WP Easy Toggles plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'toggles' shortcode in all versions up to, and including, 1.9.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated att…
6.8
CVE-2025-9975 - WP Scraper <= 5.8.1 - Authenticated (Administrator+) Server-Side Request Forgery
The WP Scraper plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 5.8.1 via the wp_scraper_extract_content function. This makes it possible for authenticated attackers, with Administrator-level access and above, to make web requests to arbitrary …
9.8
CVE-2025-6439 - WooCommerce Designer Pro <= 1.9.26 - Unauthenticated Arbitrary File Deletion
The WooCommerce Designer Pro plugin for WordPress, used by the Pricom - Printing Company & Design Services WordPress theme, is vulnerable to arbitrary file deletion due to insufficient file path validation in the 'wcdp_save_canvas_design_ajax' function in all versions up to, and including, 1.9.26. …
6.4
CVE-2025-7652 - Easy Plugin Stats <= 2.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting
The Easy Plugin Stats plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'eps' shortcode in all versions up to, and including, 2.0.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attac…
6.4
CVE-2025-10167 - Stock History & Reports Manager for WooCommerce <= 2.2.2 - Authenticated (Contributor+) Stored Cros…
The Stock History & Reports Manager for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'alg_wc_stock_snapshot_restocked' shortcode in all versions up to, and including, 2.2.2 due to insufficient input sanitization and output escaping on user supplied a…
4.3
CVE-2025-9621 - WidgetPack Comment System <= 1.6.1 - Cross-Site Request Forgery
The WidgetPack Comment System plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.6.1. This is due to missing or incorrect nonce validation on the wpcmt_sync action in the wpcmt_request_handler function. This makes it possible for unauthenticated…
5.5
CVE-2025-58293 -
Vulnerability of improper exception handling in the print module. Successful exploitation of this vulnerability may affect availability.
5.9
CVE-2025-58289 -
Vulnerability of improper exception handling in the print module. Successful exploitation of this vulnerability may affect availability.
6.2
CVE-2025-58301 -
Buffer overflow vulnerability in the device management module. Successful exploitation of this vulnerability may affect availability.
6.2
CVE-2025-58300 -
Buffer overflow vulnerability in the device management module. Successful exploitation of this vulnerability may affect availability.