9.3
CVE-2025-52830 - WordPress bSecure β Your Universal Checkout plugin <= 1.7.9 - SQL Injection vulnerability
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in BSecure - Your Universal Checkout bSecure – Your Universal Checkout bsecure allows Blind SQL Injection.This issue affects bSecure – Your Universal Checkout: from n/a through <= 1.7.9.
9.3
CVE-2025-52831 - WordPress Video List Manager plugin <= 1.7 - SQL Injection Vulnerability
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in thanhtungtnt Video List Manager video-list-manager allows SQL Injection.This issue affects Video List Manager: from n/a through <= 1.7.
9.3
CVE-2025-52832 - WordPress NGG Smart Image Search plugin <= 3.4.1 - SQL Injection Vulnerability
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in wpo-HR NGG Smart Image Search ngg-smart-image-search allows SQL Injection.This issue affects NGG Smart Image Search: from n/a through <= 3.4.1.
9.3
CVE-2025-52833 - WordPress LMS theme <= 9.2 - SQL Injection Vulnerability
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in designthemes LMS lms allows SQL Injection.This issue affects LMS: from n/a through <= 9.2.
8.1
CVE-2025-4414 - WordPress CMSMasters Content Composer plugin < 2.5.7 - Local File Inclusion vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in cmsmasters CMSMasters Content Composer cmsmasters-content-composer allows PHP Local File Inclusion.This issue affects CMSMasters Content Composer: from n/a through < 2.5.7.
7.5
CVE-2025-49070 - WordPress Elessi < 6.4.1 - Local File Inclusion Vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in NasaTheme Elessi elessi-theme allows PHP Local File Inclusion.This issue affects Elessi: from n/a through < 6.4.1.
10
CVE-2025-49414 - WordPress FW Gallery plugin <= 8.0.0 - Arbitrary File Upload Vulnerability
Unrestricted Upload of File with Dangerous Type vulnerability in Fastw3b LLC FW Gallery fw-gallery allows Using Malicious Files.This issue affects FW Gallery: from n/a through <= 8.0.0.
9.8
CVE-2025-49417 - WordPress WooCommerce Product Multi-Action plugin <= 1.3 - Deserialization of untrusted data Vulnerβ¦
Deserialization of Untrusted Data vulnerability in BestWpDeveloper WooCommerce Product Multi-Action Woo-product-multiaction allows Object Injection.This issue affects WooCommerce Product Multi-Action: from n/a through <= 1.3.
7.2
CVE-2025-49418 - WordPress Allmart plugin <= 1.0.0 - Server Side Request Forgery (SSRF) Vulnerability
Server-Side Request Forgery (SSRF) vulnerability in TeconceTheme Allmart allmart-core allows Server Side Request Forgery.This issue affects Allmart: from n/a through <= 1.0.0.
6.5
CVE-2025-49431 - WordPress MF Plus WPML plugin <= 1.1 - Settings Change Vulnerability
Missing Authorization vulnerability in Gnuget MF Plus WPML mf-plus-wpml allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects MF Plus WPML: from n/a through <= 1.1.