8.1
CVE-2025-49894 - WordPress Nuss Theme <= 1.3.3 - Local File Inclusion Vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in uxper Nuss nuss allows PHP Local File Inclusion.This issue affects Nuss: from n/a through <= 1.3.3.
5.3
CVE-2025-49896 - WordPress WP Discord Post Plus β Supports Unlimited Channels plugin <= 1.0.2 - Cross Site Request β¦
Cross-Site Request Forgery (CSRF) vulnerability in wptasker WP Discord Post Plus β Supports Unlimited Channels allows Cross Site Request Forgery. This issue affects WP Discord Post Plus β Supports Unlimited Channels: from n/a through 1.0.2.
8.8
CVE-2025-48142 - WordPress Bookify <= 1.0.9 - Privilege Escalation Vulnerability
Incorrect Privilege Assignment vulnerability in Saad Iqbal Bookify bookify allows Privilege Escalation.This issue affects Bookify: from n/a through <= 1.0.9.
10
CVE-2025-48148 - WordPress StoreKeeper for WooCommerce Plugin <= 14.4.4 - Arbitrary File Upload Vulnerability
Unrestricted Upload of File with Dangerous Type vulnerability in StoreKeeper B.V. StoreKeeper for WooCommerce storekeeper-for-woocommerce allows Using Malicious Files.This issue affects StoreKeeper for WooCommerce: from n/a through <= 14.4.4.
8.1
CVE-2025-48149 - WordPress Cook&Meal <= 1.2.3 - Local File Inclusion Vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in dedalx Cook&Meal cookandmeal allows PHP Local File Inclusion.This issue affects Cook&Meal: from n/a through <= 1.2.3.
7.1
CVE-2025-48151 - WordPress CM Map Locations <= 2.1.6 - Cross Site Scripting (XSS) Vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CreativeMindsSolutions CM Map Locations cm-map-locations allows Reflected XSS.This issue affects CM Map Locations: from n/a through <= 2.1.6.
7.1
CVE-2025-48152 - WordPress Rentsyst Plugin <= 2.0.100 - Cross Site Scripting (XSS) Vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in dimafreund Rentsyst rentsyst allows Reflected XSS.This issue affects Rentsyst: from n/a through <= 2.0.100.
7.1
CVE-2025-48154 - WordPress Multimedia Playlist Slider Addon for WPBakery Page Builder Plugin <= 2.1 - Cross Site Scrβ¦
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in LambertGroup Multimedia Playlist Slider Addon for WPBakery Page Builder lbg_vp_youtube_vimeo_addon_visual_composer allows Reflected XSS.This issue affects Multimedia Playlist Slider Addon for WPBakβ¦
8.1
CVE-2025-48157 - WordPress Formality <= 1.5.9 - Local File Inclusion Vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Michele Giorgi Formality formality allows PHP Local File Inclusion.This issue affects Formality: from n/a through <= 1.5.9.
8.6
CVE-2025-48158 - WordPress BuddyPress XProfile Custom Image Field Plugin <= 3.0.1 - Arbitrary File Deletion Vulnerabβ¦
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Alex Githatu BuddyPress XProfile Custom Image Field buddypress-xprofile-image-field allows Path Traversal.This issue affects BuddyPress XProfile Custom Image Field: from n/a through <= 3.0.1.