8.5
CVE-2025-49404 - WordPress Listeo-Core Plugin < 2.0.7 - SQL Injection Vulnerability
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in purethemes Listeo Core listeo-core allows SQL Injection. This issue affects Listeo Core: from n/a through < 2.0.7.
8.5
CVE-2025-49402 - WordPress Exertio Framework Plugin <= 1.3.3 - SQL Injection Vulnerability
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in scriptsbundle Exertio Framework exertio-framework allows Blind SQL Injection. This issue affects Exertio Framework: from n/a through <= 1.3.3.
9.8
CVE-2025-49388 - WordPress Miraculous Core Plugin Plugin <= 2.0.7 - Privilege Escalation Vulnerability
Incorrect Privilege Assignment vulnerability in kamleshyadav Miraculous Core Plugin miraculouscore allows Privilege Escalation. This issue affects Miraculous Core Plugin: from n/a through <= 2.0.7.
10
CVE-2025-49387 - WordPress Drag and Drop File Upload for Elementor Forms Plugin <= 1.5.3 - Arbitrary File Upload Vul…
Unrestricted Upload of File with Dangerous Type vulnerability in add-ons.org Drag and Drop File Upload for Elementor Forms drag-and-drop-file-upload-for-elementor-forms allows Upload a Web Shell to a Web Server. This issue affects Drag and Drop File Upload for Elementor Forms: from n/a through <= 1.…
8.1
CVE-2025-49383 - WordPress Neresa Theme <= 1.3 - Local File Inclusion Vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in CocoBasic Neresa neresa-wp allows PHP Local File Inclusion. This issue affects Neresa: from n/a through <= 1.3.
5.9
CVE-2025-48365 - WordPress Custom Comment plugin <= 2.1.6 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in imaprogrammer Custom Comment customcomment allows Stored XSS. This issue affects Custom Comment: from n/a through <= 2.1.6.
4.9
CVE-2025-48364 - WordPress rajce plugin <= 0.4.2 - Server Side Request Forgery (SSRF) vulnerability
Server-Side Request Forgery (SSRF) vulnerability in vEnCa-X rajce rajce allows Server Side Request Forgery. This issue affects rajce: from n/a through <= 0.4.2.
4.3
CVE-2025-48363 - WordPress Popup for CF7 with Sweet Alert plugin <= 1.6.5 - Cross Site Request Forgery (CSRF) vulner…
Cross-Site Request Forgery (CSRF) vulnerability in Metin Saraç Popup for CF7 with Sweet Alert cf7-sweet-alert-popup allows Cross Site Request Forgery. This issue affects Popup for CF7 with Sweet Alert: from n/a through <= 1.6.5.
5.4
CVE-2025-48362 - WordPress Hesabfa Accounting plugin <= 2.2.5 - Cross Site Request Forgery (CSRF) vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in Saeed Sattar Beglou Hesabfa Accounting hesabfa-accounting allows Cross Site Request Forgery. This issue affects Hesabfa Accounting: from n/a through <= 2.2.5.
5.3
CVE-2025-48361 - WordPress Hesabfa Accounting plugin <= 2.2.5 - Sensitive Data Exposure via Log File vulnerability
Insertion of Sensitive Information Into Sent Data vulnerability in Saeed Sattar Beglou Hesabfa Accounting hesabfa-accounting allows Retrieve Embedded Sensitive Data. This issue affects Hesabfa Accounting: from n/a through <= 2.2.5.