7.2
CVE-2025-58642 - WordPress LTL Freight Quotes β Day & Ross Edition Plugin <= 2.1.11 - PHP Object Injection Vulnerabiβ¦
Deserialization of Untrusted Data vulnerability in enituretechnology LTL Freight Quotes β Day & Ross Edition ltl-freight-quotes-day-ross-edition allows Object Injection.This issue affects LTL Freight Quotes β Day & Ross Edition: from n/a through <= 2.1.11.
5.4
CVE-2025-58641 - WordPress Exit Intent Popup Plugin <= 1.0.1 - Server Side Request Forgery (SSRF) Vulnerability
Server-Side Request Forgery (SSRF) vulnerability in kamleshyadav Exit Intent Popup exitintentpopup allows Server Side Request Forgery.This issue affects Exit Intent Popup: from n/a through <= 1.0.1.
6.5
CVE-2025-58640 - WordPress Document Engine Plugin <= 1.2 - Cross Site Scripting (XSS) Vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in MatrixAddons Document Engine document-engine allows Stored XSS.This issue affects Document Engine: from n/a through <= 1.2.
5.4
CVE-2025-58639 - WordPress Contact Form By Mega Forms Plugin <= 1.6.1 - Broken Access Control Vulnerability
Missing Authorization vulnerability in Ali Khallad Contact Form By Mega Forms mega-forms allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Contact Form By Mega Forms: from n/a through <= 1.6.1.
7.5
CVE-2025-58637 - WordPress immonex Kickstart Plugin <= 1.11.6 - Local File Inclusion Vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in immonex immonex Kickstart immonex-kickstart allows PHP Local File Inclusion.This issue affects immonex Kickstart: from n/a through <= 1.11.6.
5.3
CVE-2025-58635 - WordPress Support Genix Plugin <= 1.4.23 - Broken Access Control Vulnerability
Missing Authorization vulnerability in DevItems Support Genix support-genix-lite allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Support Genix: from n/a through <= 1.4.23.
5.3
CVE-2025-58634 - WordPress PeachPay Payments Plugin <= 1.117.4 - Broken Access Control Vulnerability
Missing Authorization vulnerability in peachpay PeachPay Payments peachpay-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects PeachPay Payments: from n/a through <= 1.117.4.
6.5
CVE-2025-58633 - WordPress Booking Ultra Pro Plugin <= 1.1.21 - Cross Site Scripting (XSS) Vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Deetronix Booking Ultra Pro booking-ultra-pro allows Stored XSS.This issue affects Booking Ultra Pro: from n/a through <= 1.1.21.
6.5
CVE-2025-58632 - WordPress Dadevarzan WordPress Common Plugin <= 2.2.2 - Cross Site Scripting (XSS) Vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Dadevarzan Dadevarzan WordPress Common dadevarzan-common allows Stored XSS.This issue affects Dadevarzan WordPress Common: from n/a through <= 2.2.2.
5.9
CVE-2025-58631 - WordPress IssueM Plugin <= 2.9.0 - Cross Site Scripting (XSS) Vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ZEEN101 IssueM issuem allows DOM-Based XSS.This issue affects IssueM: from n/a through <= 2.9.0.