4.3

CVSS3.1

CVE-2025-54041 - WordPress Wallet System for WooCommerce plugin <= 2.6.7 - Cross Site Request Forgery (CSRF) Vulnera…

Cross-Site Request Forgery (CSRF) vulnerability in WP Swings Wallet System for WooCommerce wallet-system-for-woocommerce allows Cross Site Request Forgery.This issue affects Wallet System for WooCommerce: from n/a through <= 2.6.7.

📅 Published: July 16, 2025, 10:36 a.m. 🔄 Last Modified: April 23, 2026, 3:32 p.m.

4.3

CVSS3.1

CVE-2025-54039 - WordPress Animator plugin <= 3.0.16 - Cross Site Request Forgery (CSRF) Vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Toast Plugins Animator scroll-triggered-animations allows Cross Site Request Forgery.This issue affects Animator: from n/a through <= 3.0.16.

📅 Published: July 16, 2025, 10:36 a.m. 🔄 Last Modified: April 23, 2026, 3:32 p.m.

5.4

CVSS3.1

CVE-2025-54038 - WordPress Restaurant Menu by MotoPress plugin <= 2.4.6 - Cross Site Request Forgery (CSRF) Vulnerab…

Cross-Site Request Forgery (CSRF) vulnerability in jetmonsters Restaurant Menu by MotoPress mp-restaurant-menu allows Cross Site Request Forgery.This issue affects Restaurant Menu by MotoPress: from n/a through <= 2.4.6.

📅 Published: July 16, 2025, 10:36 a.m. 🔄 Last Modified: April 23, 2026, 3:32 p.m.

5.4

CVSS3.1

CVE-2025-54037 - WordPress News Kit Elementor Addons plugin <= 1.3.4 - Broken Access Control Vulnerability

Missing Authorization vulnerability in blazethemes News Kit Elementor Addons news-kit-elementor-addons allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects News Kit Elementor Addons: from n/a through <= 1.3.4.

📅 Published: July 16, 2025, 10:36 a.m. 🔄 Last Modified: April 23, 2026, 3:32 p.m.

4.3

CVSS3.1

CVE-2025-54036 - WordPress Webba Booking plugin <= 5.1.20 - Cross Site Request Forgery (CSRF) Vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Webba Appointment Booking Webba Booking webba-booking-lite allows Cross Site Request Forgery.This issue affects Webba Booking: from n/a through <= 5.1.20.

📅 Published: July 16, 2025, 10:36 a.m. 🔄 Last Modified: April 23, 2026, 3:32 p.m.

4.3

CVSS3.1

CVE-2025-54035 - WordPress Newsletters plugin <= 4.10 - Cross Site Request Forgery (CSRF) Vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Tribulant Software Newsletters newsletters-lite allows Cross Site Request Forgery.This issue affects Newsletters: from n/a through <= 4.10.

📅 Published: July 16, 2025, 10:36 a.m. 🔄 Last Modified: April 23, 2026, 3:32 p.m.

6.5

CVSS3.1

CVE-2025-54033 - WordPress Theme Builder For Elementor plugin <= 1.2.3 - Cross Site Request Forgery (CSRF) Vulnerabi…

Cross-Site Request Forgery (CSRF) vulnerability in BlocksWP Theme Builder For Elementor theme-builder-for-elementor allows Cross Site Request Forgery.This issue affects Theme Builder For Elementor: from n/a through <= 1.2.3.

📅 Published: July 16, 2025, 10:36 a.m. 🔄 Last Modified: April 23, 2026, 3:32 p.m.

4.3

CVSS3.1

CVE-2025-54030 - WordPress WooCommerce Google Sheet Connector plugin <= 1.3.20 - Cross Site Request Forgery (CSRF) V…

Cross-Site Request Forgery (CSRF) vulnerability in WesternDeal WooCommerce Google Sheet Connector wc-gsheetconnector allows Cross Site Request Forgery.This issue affects WooCommerce Google Sheet Connector: from n/a through <= 1.3.20.

📅 Published: July 16, 2025, 10:36 a.m. 🔄 Last Modified: April 23, 2026, 3:32 p.m.

8.5

CVSS3.1

CVE-2025-54026 - WordPress GymBase Theme Classes plugin <= 1.4 - SQL Injection Vulnerability

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in QuanticaLabs GymBase Theme Classes gymbase_classes allows SQL Injection.This issue affects GymBase Theme Classes: from n/a through <= 1.4.

📅 Published: July 16, 2025, 10:36 a.m. 🔄 Last Modified: April 23, 2026, 3:32 p.m.

6.5

CVSS3.1

CVE-2025-54024 - WordPress WPAdverts plugin <= 2.2.5 - Cross Site Scripting (XSS) Vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Greg Winiarski WPAdverts wpadverts allows DOM-Based XSS.This issue affects WPAdverts: from n/a through <= 2.2.5.

📅 Published: July 16, 2025, 10:36 a.m. 🔄 Last Modified: April 23, 2026, 3:32 p.m.

CVE Authored by @h3xecute

4.3

CVE-2025-54041 - WordPress Wallet System for WooCommerce plugin <= 2.6.7 - Cross Site Request Forgery (CSRF) Vulnera…

4.3

CVE-2025-54039 - WordPress Animator plugin <= 3.0.16 - Cross Site Request Forgery (CSRF) Vulnerability

5.4

CVE-2025-54038 - WordPress Restaurant Menu by MotoPress plugin <= 2.4.6 - Cross Site Request Forgery (CSRF) Vulnerab…

5.4

CVE-2025-54037 - WordPress News Kit Elementor Addons plugin <= 1.3.4 - Broken Access Control Vulnerability

4.3

CVE-2025-54036 - WordPress Webba Booking plugin <= 5.1.20 - Cross Site Request Forgery (CSRF) Vulnerability

4.3

CVE-2025-54035 - WordPress Newsletters plugin <= 4.10 - Cross Site Request Forgery (CSRF) Vulnerability

6.5

CVE-2025-54033 - WordPress Theme Builder For Elementor plugin <= 1.2.3 - Cross Site Request Forgery (CSRF) Vulnerabi…

4.3

CVE-2025-54030 - WordPress WooCommerce Google Sheet Connector plugin <= 1.3.20 - Cross Site Request Forgery (CSRF) V…

8.5

CVE-2025-54026 - WordPress GymBase Theme Classes plugin <= 1.4 - SQL Injection Vulnerability

6.5

CVE-2025-54024 - WordPress WPAdverts plugin <= 2.2.5 - Cross Site Scripting (XSS) Vulnerability