9.3
CVE-2025-30936 - WordPress Torod plugin <= 2.1 - SQL Injection vulnerability
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Torod Company for Information Technology Torod torod allows SQL Injection.This issue affects Torod: from n/a through <= 2.1.
9.8
CVE-2025-30949 - WordPress Site Chat on Telegram plugin <= 1.0.4 - PHP Object Injection Vulnerability
Deserialization of Untrusted Data vulnerability in Guru Team Site Chat on Telegram site-chat-on-telegram allows Object Injection.This issue affects Site Chat on Telegram: from n/a through <= 1.0.4.
7.1
CVE-2025-30955 - WordPress ListingEasy theme <= 1.9.2 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in GT3themes ListingEasy listingeasy allows Reflected XSS.This issue affects ListingEasy: from n/a through <= 1.9.2.
6.5
CVE-2025-30959 - WordPress Product XML Feed Manager for WooCommerce <= 2.9.2 - Broken Access Control Vulnerability
Missing Authorization vulnerability in WPFactory Product XML Feed Manager for WooCommerce product-xml-feeds-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Product XML Feed Manager for WooCommerce: from n/a through <= 2.9.2.
9.8
CVE-2025-30973 - WordPress CoSchool LMS plugin <= 1.4.3 - PHP Object Injection Vulnerability
Deserialization of Untrusted Data vulnerability in Codexpert, Inc CoSchool LMS coschool allows Object Injection.This issue affects CoSchool LMS: from n/a through <= 1.4.3.
7.1
CVE-2025-31055 - WordPress Electrician - Electrical Service WordPress theme <= 1.0 - Cross Site Scripting (XSS) Vulnβ¦
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in vergatheme Electrician - Electrical Service WordPress electrician allows Reflected XSS.This issue affects Electrician - Electrical Service WordPress: from n/a through <= 1.0.
7.5
CVE-2025-31070 - WordPress HTML5 Radio Player - WPBakery Page Builder Addon plugin <= 2.5 - Arbitrary File Download β¦
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in LambertGroup HTML5 Radio Player - WPBakery Page Builder Addon lbg-cleverbakery allows Path Traversal.This issue affects HTML5 Radio Player - WPBakery Page Builder Addon: from n/a through <= 2.5.
7.1
CVE-2025-31072 - WordPress Ofiz - Business Consulting Theme plugin <= 2.0 - Cross Site Scripting (XSS) Vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in designthemes Ofiz - WordPress Business Consulting Theme ofiz allows Reflected XSS.This issue affects Ofiz - WordPress Business Consulting Theme: from n/a through <= 2.0.
8.8
CVE-2025-31422 - WordPress Visual Art | Gallery WordPress Theme <= 2.4 - PHP Object Injection Vulnerability
Deserialization of Untrusted Data vulnerability in designthemes Visual Art | Gallery WordPress Theme visual-arts allows Object Injection.This issue affects Visual Art | Gallery WordPress Theme: from n/a through <= 2.4.
7.1
CVE-2025-31427 - WordPress Invico - WordPress Consulting Business Theme <= 1.9 - Cross Site Scripting (XSS) Vulnerabβ¦
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in designthemes Invico - WordPress Consulting Business Theme invico allows Reflected XSS.This issue affects Invico - WordPress Consulting Business Theme: from n/a through <= 1.9.