8.8
CVE-2025-54742 - WordPress WpEvently Plugin <= 4.4.8 - PHP Object Injection Vulnerability
Deserialization of Untrusted Data vulnerability in magepeopleteam WpEvently mage-eventpress allows Object Injection.This issue affects WpEvently: from n/a through <= 4.4.8.
9.8
CVE-2025-54738 - WordPress Jobmonster Theme <= 4.7.9 - Broken Authentication Vulnerability
Authentication Bypass Using an Alternate Path or Channel vulnerability in NooTheme Jobmonster noo-jobmonster allows Authentication Abuse.This issue affects Jobmonster: from n/a through <= 4.7.9.
5.8
CVE-2025-54734 - WordPress B Slider Plugin <= 1.1.30 - Broken Access Control Vulnerability
Missing Authorization vulnerability in bPlugins B Slider b-slider allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects B Slider: from n/a through <= 1.1.30.
6.5
CVE-2025-54733 - WordPress All Bootstrap Blocks Plugin <= 1.3.28 - Broken Access Control Vulnerability
Missing Authorization vulnerability in all_bootstrap_blocks All Bootstrap Blocks all-bootstrap-blocks allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects All Bootstrap Blocks: from n/a through <= 1.3.28.
8.1
CVE-2025-54731 - WordPress YouTube Showcase Plugin <= 3.5.1 - PHP Object Injection Vulnerability
Improper Control of Generation of Code ('Code Injection') vulnerability in emarket-design YouTube Showcase youtube-showcase allows Object Injection.This issue affects YouTube Showcase: from n/a through <= 3.5.1.
9.8
CVE-2025-54725 - WordPress Golo Theme <= 1.7.0 - Broken Authentication Vulnerability
Authentication Bypass Using an Alternate Path or Channel vulnerability in uxper Golo golo allows Authentication Abuse.This issue affects Golo: from n/a through <= 1.7.0.
7.1
CVE-2025-54724 - WordPress Golo Theme <= 1.7.1 - Cross Site Scripting (XSS) Vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in uxper Golo golo allows Reflected XSS.This issue affects Golo: from n/a through <= 1.7.1.
9.3
CVE-2025-54720 - WordPress Nest Addons Plugin <= 1.6.3 - SQL Injection Vulnerability
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in SteelThemes Nest Addons nest-addons allows SQL Injection.This issue affects Nest Addons: from n/a through <= 1.6.3.
8.1
CVE-2025-54716 - WordPress Ireca Theme <= 1.8.5 - Local File Inclusion Vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ovatheme Ireca ireca allows PHP Local File Inclusion.This issue affects Ireca: from n/a through <= 1.8.5.
7.1
CVE-2025-54714 - WordPress Zephyr Project Manager Plugin <= 3.3.201 - Broken Access Control Vulnerability
Missing Authorization vulnerability in Dylan James Zephyr Project Manager zephyr-project-manager allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Zephyr Project Manager: from n/a through <= 3.3.201.