7.1
CVE-2025-49247 - WordPress Team Showcase plugin < 25.05.13 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in cmoreira Team Showcase team-showcase-cm allows DOM-Based XSS.This issue affects Team Showcase: from n/a through < 25.05.13.
7.1
CVE-2025-49274 - WordPress Neom Blog theme <= 0.0.9 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in awordpresslife Neom Blog neom-blog allows Reflected XSS.This issue affects Neom Blog: from n/a through <= 0.0.9.
10
CVE-2025-49302 - WordPress Easy Stripe plugin <= 1.1 - Remote Code Execution (RCE) Vulnerability
Improper Control of Generation of Code ('Code Injection') vulnerability in Scott Paterson Easy Stripe easy-stripe allows Remote Code Inclusion.This issue affects Easy Stripe: from n/a through <= 1.1.
6.8
CVE-2025-49303 - WordPress Frontend Admin by DynamiApps plugin <= 3.28.7 - Arbitrary File Download Vulnerability
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Shabti Kaplan Frontend Admin by DynamiApps acf-frontend-form-element allows Path Traversal.This issue affects Frontend Admin by DynamiApps: from n/a through <= 3.28.7.
0.0
CVE-2025-49866 - WordPress Beautiful Cookie Consent Banner plugin <= 4.6.1 - Cross Site Scripting (XSS) Vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Nikel Beautiful Cookie Consent Banner beautiful-and-responsive-cookie-consent allows Reflected XSS.This issue affects Beautiful Cookie Consent Banner: from n/a through <= 4.6.1.
9.8
CVE-2025-49867 - WordPress RealHomes theme <= 4.4.0 - Privilege Escalation vulnerability
Incorrect Privilege Assignment vulnerability in InspiryThemes RealHomes realhomes allows Privilege Escalation.This issue affects RealHomes: from n/a through <= 4.4.0.
7.5
CVE-2025-49870 - WordPress Paid Member Subscriptions plugin <= 2.15.1 - SQL Injection Vulnerability
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Cozmoslabs Paid Member Subscriptions paid-member-subscriptions allows SQL Injection.This issue affects Paid Member Subscriptions: from n/a through <= 2.15.1.
6.5
CVE-2025-50032 - WordPress Paytiko for WooCommerce plugin <= 1.4.6 - Broken Access Control vulnerability
Missing Authorization vulnerability in Paytiko - Payment Orchestration Platform Paytiko for WooCommerce paytiko allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Paytiko for WooCommerce: from n/a through <= 1.4.6.
6.5
CVE-2025-50039 - WordPress VG WORT METIS plugin <= 2.0.1 - Broken Access Control Vulnerability
Missing Authorization vulnerability in vgwort VG WORT METIS vgw-metis allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects VG WORT METIS: from n/a through <= 2.0.1.
7.2
CVE-2025-52718 - WordPress Alone theme <= 7.8.2 - Arbitrary Code Execution Vulnerability
Improper Control of Generation of Code ('Code Injection') vulnerability in Beplusthemes Alone alone allows Remote Code Inclusion.This issue affects Alone: from n/a through <= 7.8.2.