6.5
CVE-2025-54023 - WordPress WP Delicious plugin <= 1.8.4 - Cross Site Scripting (XSS) Vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WP Delicious WP Delicious delicious-recipes allows DOM-Based XSS.This issue affects WP Delicious: from n/a through <= 1.8.4.
6.5
CVE-2025-54022 - WordPress Coupon Affiliates plugin <= 6.4.0 - Cross Site Request Forgery (CSRF) Vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in Elliot Sowersby / RelyWP Coupon Affiliates woo-coupon-usage allows Cross Site Request Forgery.This issue affects Coupon Affiliates: from n/a through <= 6.4.0.
5.4
CVE-2025-54020 - WordPress AntiSpam for Contact Form 7 plugin <= 0.6.3 - Cross Site Request Forgery (CSRF) Vulnerabiβ¦
Cross-Site Request Forgery (CSRF) vulnerability in Erik AntiSpam for Contact Form 7 cf7-antispam allows Cross Site Request Forgery.This issue affects AntiSpam for Contact Form 7: from n/a through <= 0.6.3.
4.3
CVE-2025-54018 - WordPress CM Pop-Up banners plugin <= 1.8.4 - Broken Access Control Vulnerability
Missing Authorization vulnerability in CreativeMindsSolutions CM Pop-Up banners cm-pop-up-banners allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects CM Pop-Up banners: from n/a through <= 1.8.4.
6.5
CVE-2025-54016 - WordPress Videopack plugin <= 4.10.3 - Cross Site Scripting (XSS) Vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Kyle Gilman Videopack video-embed-thumbnail-generator allows DOM-Based XSS.This issue affects Videopack: from n/a through <= 4.10.3.
6.6
CVE-2025-54015 - WordPress HT Contact Form 7 plugin <= 2.0.0 - Local File Inclusion Vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in HT Plugins HT Contact Form 7 ht-contactform allows PHP Local File Inclusion.This issue affects HT Contact Form 7: from n/a through <= 2.0.0.
5.9
CVE-2025-54013 - WordPress Welcart e-Commerce plugin <= 2.11.16 - Cross Site Scripting (XSS) Vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in info@welcart Welcart e-Commerce usc-e-shop allows Stored XSS.This issue affects Welcart e-Commerce: from n/a through <= 2.11.16.
4.3
CVE-2025-54011 - WordPress SMTP2GO plugin <= 1.12.1 - Broken Access Control Vulnerability
Missing Authorization vulnerability in SMTP2GO SMTP2GO smtp2go allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects SMTP2GO: from n/a through <= 1.12.1.
9.6
CVE-2025-54010 - WordPress FluentSnippets plugin <= 10.50 - Cross Site Request Forgery (CSRF) Vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in Shahjahan Jewel FluentSnippets easy-code-manager allows Cross Site Request Forgery.This issue affects FluentSnippets: from n/a through <= 10.50.
6.5
CVE-2025-54009 - WordPress JetSmartFilters plugin <= 3.6.8 - Cross Site Scripting (XSS) Vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Crocoblock JetSmartFilters jet-smart-filters allows Stored XSS.This issue affects JetSmartFilters: from n/a through <= 3.6.8.