6.5
CVE-2025-54006 - WordPress Bold Page Builder plugin <= 5.4.1 - Cross Site Scripting (XSS) Vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in boldthemes Bold Page Builder bold-page-builder allows Stored XSS.This issue affects Bold Page Builder: from n/a through <= 5.4.1.
4.3
CVE-2025-53997 - WordPress Houzez theme <= 4.0.4 - Broken Access Control Vulnerability
Missing Authorization vulnerability in favethemes Houzez houzez allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Houzez: from n/a through <= 4.0.4.
6.5
CVE-2025-53996 - WordPress JetSearch plugin <= 3.5.10.1 - Cross Site Scripting (XSS) Vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Crocoblock JetSearch jet-search allows Stored XSS.This issue affects JetSearch: from n/a through <= 3.5.10.1.
6.5
CVE-2025-53995 - WordPress JetPopup plugin <= 2.0.15.1 - Cross Site Scripting (XSS) Vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Crocoblock JetPopup jet-popup allows Stored XSS.This issue affects JetPopup: from n/a through <= 2.0.15.1.
6.5
CVE-2025-53994 - WordPress JetPopup plugin <= 2.0.15 - Cross Site Scripting (XSS) Vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Crocoblock JetPopup jet-popup allows DOM-Based XSS.This issue affects JetPopup: from n/a through <= 2.0.15.
6.5
CVE-2025-53991 - WordPress JetTricks plugin <= 1.5.4.1 - Cross Site Scripting (XSS) Vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Crocoblock JetTricks jet-tricks allows Stored XSS.This issue affects JetTricks: from n/a through <= 1.5.4.1.
7.2
CVE-2025-53990 - WordPress JetFormBuilder plugin <= 3.5.1.2 - PHP Object Injection Vulnerability
Deserialization of Untrusted Data vulnerability in jetmonsters JetFormBuilder jetformbuilder allows Object Injection.This issue affects JetFormBuilder: from n/a through <= 3.5.1.2.
6.5
CVE-2025-53989 - WordPress JetBlocks For Elementor plugin <= 1.3.19 - Cross Site Scripting (XSS) Vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Crocoblock JetBlocks For Elementor jet-blocks allows Stored XSS.This issue affects JetBlocks For Elementor: from n/a through <= 1.3.19.
5.3
CVE-2024-6234 - ansible-automation-platform: EDA server exposes websocket jwt when running rulebook activations in β¦
A flaw was found in the Ansible Automation Platform. The Event-Driven Ansible server exposes the WebSocket JSON web token (JWT) when running Rulebook activations in debug mode, which, if obtained by an attacker, can be used to connect to the socket and issue commands that return Playbook content orβ¦
5.3
CVE-2025-53986 - WordPress Hestia theme <= 3.2.10 - Broken Access Control Vulnerability
Missing Authorization vulnerability in themeisle Hestia hestia allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Hestia: from n/a through <= 3.2.10.