7.5
CVE-2025-30975 - WordPress Add Custom Codes <= 4.80 - Arbitrary Code Execution vulnerability
Improper Control of Generation of Code ('Code Injection') vulnerability in SaifuMak Add Custom Codes add-custom-codes allows Code Injection.This issue affects Add Custom Codes: from n/a through <= 4.80.
6.5
CVE-2025-47650 - WordPress Infility Global <= 2.15.06 - Arbitrary File Download vulnerability
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Infility Infility Global infility-global allows Path Traversal.This issue affects Infility Global: from n/a through <= 2.15.06.
9.8
CVE-2025-49409 - WordPress SensorPress plugin <= 1.0 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in brewlabs SensorPress allows Stored XSS. This issue affects SensorPress: from n/a through 1.0.
10
CVE-2025-49410 - WordPress TC Testimonials plugin <= 1.1.1 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Imran Emu TC Testimonials allows Stored XSS. This issue affects TC Testimonials: from n/a through 1.1.1.
7.1
CVE-2025-49411 - WordPress iFrame Block plugin <= 0.1.1 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Vikas Sharma iFrame Block allows Stored XSS. This issue affects iFrame Block: from n/a through 0.1.1.
5.9
CVE-2025-49412 - WordPress Page Transition plugin <= 1.3 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in numixtech Page Transition page-transition allows Stored XSS.This issue affects Page Transition: from n/a through <= 1.3.
7.1
CVE-2025-49413 - WordPress Super Store Finder Plugin <= 7.6 - Reflected Cross Site Scripting (XSS) Vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in highwarden Super Store Finder superstorefinder-wp allows Reflected XSS.This issue affects Super Store Finder: from n/a through <= 7.6.
7.1
CVE-2025-49420 - WordPress Ultra Portfolio - WordPress Plugin <= 6.7 - Cross Site Scripting (XSS) Vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in themepassion Ultra Portfolio ultra-portfolio allows Reflected XSS.This issue affects Ultra Portfolio: from n/a through <= 6.7.
9.8
CVE-2025-49422 - WordPress Support Ticket Plugin <= 1.9 - Privilege Escalation Vulnerability
Incorrect Privilege Assignment vulnerability in themepassion Support Ticket support-ticket allows Privilege Escalation.This issue affects Support Ticket: from n/a through <= 1.9.
7.1
CVE-2025-49424 - WordPress Support Ticket Plugin <= 1.9 - Cross Site Scripting (XSS) Vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in themepassion Support Ticket support-ticket allows Reflected XSS.This issue affects Support Ticket: from n/a through <= 1.9.