6.5
CVE-2025-52721 - WordPress Global Gallery Plugin <= 9.2.3 - Broken Access Control Vulnerability
Missing Authorization vulnerability in LCweb Global Gallery allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Global Gallery: from n/a through 9.2.3.
7.5
CVE-2025-52728 - WordPress Responsive Posts Carousel WordPress Plugin Plugin <= 15.0 - Local File Inclusion Vulnerabβ¦
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in WebCodingPlace Responsive Posts Carousel WordPress Plugin allows PHP Local File Inclusion. This issue affects Responsive Posts Carousel WordPress Plugin: from n/a through 15.0.
6.5
CVE-2025-52730 - WordPress WordPress Event Manager, Event Calendar and Booking Plugin Plugin <= 4.0.24 - Cross Site β¦
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in themefunction WordPress Event Manager, Event Calendar and Booking Plugin allows Stored XSS. This issue affects WordPress Event Manager, Event Calendar and Booking Plugin: from n/a through 4.0.24.
7.5
CVE-2025-52731 - WordPress WordPress Event Manager, Event Calendar and Booking Plugin Plugin <= 4.0.24 - Arbitrary Cβ¦
Missing Authorization vulnerability in themefunction WordPress Event Manager, Event Calendar and Booking Plugin allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WordPress Event Manager, Event Calendar and Booking Plugin: from n/a through 4.0.24.
8.8
CVE-2025-52732 - WordPress Google Map Targeting Plugin <= 1.1.6 - Local File Inclusion Vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in RealMag777 Google Map Targeting allows PHP Local File Inclusion. This issue affects Google Map Targeting: from n/a through 1.1.6.
7.1
CVE-2025-52775 - WordPress Project Cost Calculator Plugin <= 1.0.0 - Broken Access Control Vulnerability
Missing Authorization vulnerability in Ronik@UnlimitedWP Project Cost Calculator allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Project Cost Calculator: from n/a through 1.0.0.
7.1
CVE-2025-52785 - WordPress SMM API Plugin <= 6.0.30 - Broken Access Control Vulnerability
Missing Authorization vulnerability in softnwords SMM API allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects SMM API: from n/a through 6.0.30.
7.1
CVE-2025-52788 - WordPress CaptionPix <= 1.8 - Cross Site Scripting (XSS) Vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Russell Jamieson CaptionPix allows Reflected XSS. This issue affects CaptionPix: from n/a through 1.8.
7.3
CVE-2025-52800 - WordPress The E-Commerce ERP <= 2.1.1.3 - Broken Access Control Vulnerability
Missing Authorization vulnerability in Unity Business Technology Pty Ltd The E-Commerce ERP allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects The E-Commerce ERP: from n/a through 2.1.1.3.
7.3
CVE-2025-52801 - WordPress TheBooking Plugin <= 1.4.4 - Broken Access Control Vulnerability
Missing Authorization vulnerability in VonStroheim TheBooking allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects TheBooking: from n/a through 1.4.4.