7.1
CVE-2025-48309 - WordPress BetPress plugin <= 1.0.1 Lite - CSRF to Stored XSS vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in web-able BetPress betpress allows Stored XSS.This issue affects BetPress: from n/a through <= 1.0.1 Lite.
7.1
CVE-2025-48308 - WordPress Newsletter subscription optin module plugin <= 1.2.9 - Cross Site Request Forgery (CSRF) β¦
Cross-Site Request Forgery (CSRF) vulnerability in nonletter Newsletter subscription optin module newsletter-subscription-widget-for-sendblaster allows Stored XSS.This issue affects Newsletter subscription optin module: from n/a through <= 1.2.9.
7.1
CVE-2025-48307 - WordPress SEO For Images plugin <= 1.0.0 - Cross Site Request Forgery (CSRF) to Stored XSS vulnerabβ¦
Cross-Site Request Forgery (CSRF) vulnerability in kasonzhao SEO For Images seo-for-images allows Stored XSS.This issue affects SEO For Images: from n/a through <= 1.0.0.
7.1
CVE-2025-48306 - WordPress Savyour Affiliate Partner plugin <= 2.1.4 - CSRF to Stored XSS vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in developers savyour Savyour Affiliate Partner savyour-affiliate-partner allows Stored XSS.This issue affects Savyour Affiliate Partner: from n/a through <= 2.1.4.
5.9
CVE-2025-48305 - WordPress Goal Tracker for Patreon plugin <= 0.4.6 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in vikingjs Goal Tracker for Patreon goal-tracker-for-patreon allows Stored XSS.This issue affects Goal Tracker for Patreon: from n/a through <= 0.4.6.
7.1
CVE-2025-48304 - WordPress Google XML News Sitemap plugin plugin <= 0.02 - Cross Site Request Forgery (CSRF) to Storβ¦
Cross-Site Request Forgery (CSRF) vulnerability in Gary Illyes Google XML News Sitemap plugin gn-xml-sitemap allows Stored XSS.This issue affects Google XML News Sitemap plugin: from n/a through <= 0.02.
6.5
CVE-2025-48110 - WordPress Link View plugin <= 0.8.0 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in mibuthu Link View link-view allows Stored XSS.This issue affects Link View: from n/a through <= 0.8.0.
7.1
CVE-2025-48109 - WordPress XM-Backup plugin <= 0.9.1 - CSRF to Stored XSS vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in Xavier Media XM-Backup xm-backup allows Stored XSS.This issue affects XM-Backup: from n/a through <= 0.9.1.
9.1
CVE-2025-48100 - WordPress bidorbuy Store Integrator plugin <= 2.12.0 - Remote Code Execution (RCE) vulnerability
Improper Control of Generation of Code ('Code Injection') vulnerability in extremeidea bidorbuy Store Integrator bidorbuystoreintegrator allows Remote Code Inclusion.This issue affects bidorbuy Store Integrator: from n/a through <= 2.12.0.
9.3
CVE-2025-39496 - WordPress WooBeWoo Product Filter Pro plugin < 2.9.6 - SQL Injection vulnerability
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WBW WooBeWoo Product Filter Pro allows SQL Injection.This issue affects WooBeWoo Product Filter Pro: from n/a before 2.9.6.