7.5
CVE-2025-30639 - WordPress IDonatePro Plugin <= 2.1.9 - Broken Access Control Vulnerability
Missing Authorization vulnerability in ThemeAtelier IDonatePro allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects IDonatePro: from n/a through 2.1.9.
6.5
CVE-2025-30993 - WordPress Thank You Page Customizer for WooCommerce β Increase Your Sales <= 1.1.7 - Broken Access β¦
Missing Authorization vulnerability in VillaTheme Thank You Page Customizer for WooCommerce β Increase Your Sales allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Thank You Page Customizer for WooCommerce β Increase Your Sales: from n/a through 1.1.7.
8.5
CVE-2025-30998 - WordPress WP Links Page <= 4.9.6 - SQL Injection Vulnerability
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Rico Macchi WP Links Page allows SQL Injection. This issue affects WP Links Page: from n/a through 4.9.6.
7.1
CVE-2025-31007 - WordPress Billplz Addon for Contact Form 7 Plugin <= 1.2.0 - Cross Site Scripting (XSS) Vulnerabiliβ¦
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Alvind Billplz Addon for Contact Form 7 allows Reflected XSS. This issue affects Billplz Addon for Contact Form 7: from n/a through 1.2.0.
7.5
CVE-2025-31425 - WordPress WP Lead Capturing Pages plugin <= 2.3 - Arbitrary Content Deletion vulnerability
Missing Authorization vulnerability in kamleshyadav WP Lead Capturing Pages allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP Lead Capturing Pages: from n/a through 2.3.
7.5
CVE-2025-32288 - WordPress RT-Theme 18 | Extensions plugin <= 2.4 - Local File Inclusion Vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in stmcan RT-Theme 18 | Extensions allows PHP Local File Inclusion. This issue affects RT-Theme 18 | Extensions: from n/a through 2.4.
6.5
CVE-2025-39483 - WordPress Eventer plugin <= 3.9.6 - Shortcode Injection vulnerability
Improper Control of Generation of Code ('Code Injection') vulnerability in imithemes Eventer allows Code Injection. This issue affects Eventer: from n/a through 3.9.6.
8.5
CVE-2025-39510 - WordPress Pinterest Automatic Pin plugin < 4.19.0 - SQL Injection vulnerability
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in ValvePress Pinterest Automatic Pin allows SQL Injection. This issue affects Pinterest Automatic Pin: from n/a through n/a.
7.2
CVE-2025-47536 - WordPress Content Egg plugin <= 7.0.0 - PHP Object Injection Vulnerability
Deserialization of Untrusted Data vulnerability in keywordrush Content Egg allows Object Injection. This issue affects Content Egg: from n/a through 7.0.0.
6.5
CVE-2025-47610 - WordPress WooCommerce Fortnox Integration <= 4.5.6 - Cross Site Scripting (XSS) Vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Wetail WooCommerce Fortnox Integration allows Stored XSS. This issue affects WooCommerce Fortnox Integration: from n/a through 4.5.6.