6.5
CVE-2025-27006 - WordPress Authorsy Plugin <= 1.0.5 - Cross Site Scripting (XSS) Vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in themeplugs Authorsy authorsy allows Stored XSS.This issue affects Authorsy: from n/a through <= 1.0.5.
7.1
CVE-2025-48107 - WordPress Uncode theme < 2.9.4.4 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in undsgn Uncode uncode allows Reflected XSS.This issue affects Uncode: from n/a through < 2.9.4.4.
6.5
CVE-2025-48326 - WordPress Acclectic Media Organizer Plugin <= 1.4 - Broken Access Control Vulnerability
Missing Authorization vulnerability in Acclectic Media Acclectic Media Organizer acclectic-media-organizer allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Acclectic Media Organizer: from n/a through <= 1.4.
4.3
CVE-2025-58914 - WordPress Di Themes Demo Site Importer plugin <= 1.2 - Cross Site Request Forgery (CSRF) to Plugin β¦
Cross-Site Request Forgery (CSRF) vulnerability in Di Themes Di Themes Demo Site Importer di-themes-demo-site-importer allows Cross Site Request Forgery.This issue affects Di Themes Demo Site Importer: from n/a through <= 1.2.
6.5
CVE-2025-58917 - WordPress Quantities and Units for WooCommerce plugin <= 1.0.13 - Cross Site Scripting (XSS) vulnerβ¦
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Nick Verwymeren Quantities and Units for WooCommerce quantities-and-units-for-woocommerce allows Stored XSS.This issue affects Quantities and Units for WooCommerce: from n/a through <= 1.0.13.
5.3
CVE-2025-58919 - WordPress Wide Banner plugin <= 1.0.4 - Broken Access Control vulnerability
Missing Authorization vulnerability in guihom Wide Banner wide-banner allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Wide Banner: from n/a through <= 1.0.4.
7.1
CVE-2025-59012 - WordPress Traveler theme < 3.2.3 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in shinetheme Traveler traveler allows Reflected XSS.This issue affects Traveler: from n/a through < 3.2.3.
7.7
CVE-2025-59002 - WordPress BM Content Builder Plugin < 3.16.3.3 - Arbitrary File Deletion Vulnerability
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in SeaTheme BM Content Builder bm-builder allows Path Traversal.This issue affects BM Content Builder: from n/a through < 3.16.3.3.
7.5
CVE-2025-59010 - WordPress Permalink Manager Lite Plugin <= 2.5.1.3 - Sensitive Data Exposure Vulnerability
Insertion of Sensitive Information Into Sent Data vulnerability in Maciej Bis Permalink Manager Lite permalink-manager allows Retrieve Embedded Sensitive Data.This issue affects Permalink Manager Lite: from n/a through <= 2.5.1.3.
7.5
CVE-2025-59011 - WordPress Traveler Theme < 3.2.3 - Arbitrary Content Deletion Vulnerability
Missing Authorization vulnerability in shinetheme Traveler traveler allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Traveler: from n/a through < 3.2.3.