7.1
CVE-2025-48296 - WordPress UpStore <= 1.7.0 - Cross Site Scripting (XSS) Vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in skygroup UpStore upstore allows Reflected XSS.This issue affects UpStore: from n/a through <= 1.7.0.
7.1
CVE-2025-48297 - WordPress Simple Link Directory < 14.8.1 - Cross Site Scripting (XSS) Vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in quantumcloud Simple Link Directory qc-simple-link-directory allows Reflected XSS.This issue affects Simple Link Directory: from n/a through < 14.8.1.
7.5
CVE-2025-48298 - WordPress SEOPress for MainWP <= 1.4 - Local File Inclusion Vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Benjamin Denis SEOPress for MainWP seopress-for-mainwp allows PHP Local File Inclusion.This issue affects SEOPress for MainWP: from n/a through <= 1.4.
7.5
CVE-2025-48302 - WordPress FundEngine Plugin <= 1.7.4 - Local File Inclusion Vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Roxnor FundEngine wp-fundraising-donation allows PHP Local File Inclusion.This issue affects FundEngine: from n/a through <= 1.7.4.
8.5
CVE-2025-53194 - WordPress JetEngine <= 3.7.0 - Remote Code Execution (RCE) Vulnerability
Deserialization of Untrusted Data vulnerability in Crocoblock JetEngine jet-engine allows Code Injection.This issue affects JetEngine: from n/a through <= 3.7.0.
6.5
CVE-2025-53195 - WordPress JetEngine plugin <= 3.7.0 - Cross Site Scripting (XSS) Vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Crocoblock JetEngine jet-engine allows Stored XSS.This issue affects JetEngine: from n/a through <= 3.7.0.
6.5
CVE-2025-53196 - WordPress JetEngine <= 3.7.0 - Sensitive Data Exposure Vulnerability
Insertion of Sensitive Information Into Sent Data vulnerability in Crocoblock JetEngine jet-engine allows Retrieve Embedded Sensitive Data.This issue affects JetEngine: from n/a through <= 3.7.0.
8.1
CVE-2025-53198 - WordPress Houzez theme <= 4.0.4 - Local File Inclusion Vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in favethemes Houzez houzez allows PHP Local File Inclusion.This issue affects Houzez: from n/a through <= 4.0.4.
7.1
CVE-2025-53201 - WordPress Jobmonster theme <= 4.7.8 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NooTheme Jobmonster noo-jobmonster allows Reflected XSS.This issue affects Jobmonster: from n/a through <= 4.7.8.
8.1
CVE-2025-53204 - WordPress eventlist plugin <= 1.9.2 - Local File Inclusion Vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ovatheme eventlist eventlist allows PHP Local File Inclusion.This issue affects eventlist: from n/a through <= 1.9.2.