5
CVE-2025-58606 - WordPress SaasLauncher Theme <= 1.3.0 - Broken Access Control Vulnerability
Missing Authorization vulnerability in cozythemes SaasLauncher saaslauncher allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects SaasLauncher: from n/a through <= 1.3.0.
6.5
CVE-2025-58605 - WordPress WP Delicious Plugin <= 1.8.7 - Cross Site Scripting (XSS) Vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WP Delicious WP Delicious delicious-recipes allows Stored XSS.This issue affects WP Delicious: from n/a through <= 1.8.7.
7.6
CVE-2025-58604 - WordPress Mail Mint Plugin <= 1.18.5 - SQL Injection Vulnerability
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WPFunnels Mail Mint mail-mint allows SQL Injection.This issue affects Mail Mint: from n/a through <= 1.18.5.
5.3
CVE-2025-58603 - WordPress Surfer Plugin <= 1.6.4.574 - Broken Access Control Vulnerability
Missing Authorization vulnerability in Surfer Surfer surferseo allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Surfer: from n/a through <= 1.6.4.574.
6.5
CVE-2025-58602 - WordPress If-So Dynamic Content Personalization Plugin <= 1.9.4 - Cross Site Scripting (XSS) Vulnerβ¦
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in If-So Dynamic Content If-So Dynamic Content Personalization if-so allows Stored XSS.This issue affects If-So Dynamic Content Personalization: from n/a through <= 1.9.4.
4.3
CVE-2025-58601 - WordPress Classified Listing Plugin <= 5.0.6 - Broken Access Control Vulnerability
Missing Authorization vulnerability in RadiusTheme Classified Listing classified-listing allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Classified Listing: from n/a through <= 5.0.6.
5.3
CVE-2025-58600 - WordPress Paid Member Subscriptions Plugin <= 2.15.9 - Broken Access Control Vulnerability
Missing Authorization vulnerability in Cozmoslabs Paid Member Subscriptions paid-member-subscriptions allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Paid Member Subscriptions: from n/a through <= 2.15.9.
4.3
CVE-2025-58599 - WordPress Order Delivery Date for WooCommerce Plugin <= 4.1.0 - Broken Access Control Vulnerability
Missing Authorization vulnerability in tychesoftwares Order Delivery Date for WooCommerce order-delivery-date-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Order Delivery Date for WooCommerce: from n/a through <= 4.1.0.
6.6
CVE-2025-58598 - WordPress Klarna Order Management for WooCommerce Plugin <= 1.9.8 - Sensitive Data Exposure Vulneraβ¦
Insertion of Sensitive Information Into Debugging Code vulnerability in Klarna Klarna Order Management for WooCommerce klarna-order-management-for-woocommerce allows Retrieve Embedded Sensitive Data.This issue affects Klarna Order Management for WooCommerce: from n/a through <= 1.9.8.
4.3
CVE-2025-58597 - WordPress wpForo Forum Plugin <= 2.4.6 - Insecure Direct Object References (IDOR) Vulnerability
Authorization Bypass Through User-Controlled Key vulnerability in Tomdever wpForo Forum wpforo allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects wpForo Forum: from n/a through <= 2.4.6.