4.4
CVE-2025-58203 - WordPress Solace Extra Plugin <= 1.3.2 - Server Side Request Forgery (SSRF) Vulnerability
Server-Side Request Forgery (SSRF) vulnerability in solacewp Solace Extra solace-extra allows Server Side Request Forgery.This issue affects Solace Extra: from n/a through <= 1.3.2.
4.3
CVE-2025-58202 - WordPress Simple Page Access Restriction Plugin <= 1.0.32 - Cross Site Request Forgery (CSRF) Vulneβ¦
Cross-Site Request Forgery (CSRF) vulnerability in Plugins and Snippets Simple Page Access Restriction simple-page-access-restriction allows Cross Site Request Forgery.This issue affects Simple Page Access Restriction: from n/a through <= 1.0.32.
5.3
CVE-2025-58201 - WordPress AfterShip Tracking Plugin <= 1.17.17 - Broken Access Control Vulnerability
Missing Authorization vulnerability in AfterShip & Automizely AfterShip Tracking aftership-woocommerce-tracking allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects AfterShip Tracking: from n/a through <= 1.17.17.
6.5
CVE-2025-58198 - WordPress Xpro Theme Builder Plugin <= 1.2.9 - Broken Access Control Vulnerability
Missing Authorization vulnerability in Xpro Xpro Theme Builder xpro-theme-builder allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Xpro Theme Builder: from n/a through <= 1.2.9.
6.5
CVE-2025-58197 - WordPress Simple Download Monitor Plugin <= 3.9.34 - Cross Site Scripting (XSS) Vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in mra13 Simple Download Monitor simple-download-monitor allows Stored XSS.This issue affects Simple Download Monitor: from n/a through <= 3.9.34.
6.5
CVE-2025-58196 - WordPress UiCore Elements Plugin <= 1.3.4 - Cross Site Scripting (XSS) Vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in uicore UiCore Elements uicore-elements allows Stored XSS.This issue affects UiCore Elements: from n/a through <= 1.3.4.
6.5
CVE-2025-58195 - WordPress Xpro Elementor Addons Plugin <= 1.4.17 - Cross Site Scripting (XSS) Vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Xpro Xpro Elementor Addons xpro-elementor-addons allows Stored XSS.This issue affects Xpro Elementor Addons: from n/a through <= 1.4.17.
6.5
CVE-2025-58194 - WordPress Bold Page Builder Plugin <= 5.4.3 - Cross Site Scripting (XSS) Vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in boldthemes Bold Page Builder bold-page-builder allows Stored XSS.This issue affects Bold Page Builder: from n/a through <= 5.4.3.
4.3
CVE-2025-58193 - WordPress Uncanny Automator Plugin <= 6.7.0.1 - Broken Access Control Vulnerability
Missing Authorization vulnerability in Uncanny Owl Uncanny Automator uncanny-automator allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Uncanny Automator: from n/a through <= 6.7.0.1.
4.3
CVE-2025-58192 - WordPress WP Bulk Delete Plugin <= 1.3.6 - Broken Access Control Vulnerability
Missing Authorization vulnerability in Xylus Themes WP Bulk Delete wp-bulk-delete allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Bulk Delete: from n/a through <= 1.3.6.