6.5
CVE-2025-31759 - WordPress Boo Recipes plugin <= 2.4.1 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in BooSpot Boo Recipes allows Stored XSS. This issue affects Boo Recipes: from n/a through 2.4.1.
5.4
CVE-2025-31757 - WordPress Free Woocommerce Product Table View plugin <= 1.78 - Broken Access Control vulnerability
Missing Authorization vulnerability in BinaryCarpenter Free Woocommerce Product Table View allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Free Woocommerce Product Table View: from n/a through 1.78.
4.3
CVE-2025-31756 - WordPress TZ PlusGallery Plugin <= 1.5.5 - Cross Site Request Forgery (CSRF) vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in tuyennv TZ PlusGallery allows Cross Site Request Forgery. This issue affects TZ PlusGallery: from n/a through 1.5.5.
4.3
CVE-2025-31755 - WordPress pCloud Backup plugin <= 1.0.1 - Broken Access Control vulnerability
Missing Authorization vulnerability in josselynj pCloud Backup allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects pCloud Backup: from n/a through 1.0.1.
6.5
CVE-2025-31754 - WordPress DobsonDev Shortcodes plugin <= 2.1.12 - Stored Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in DobsonDev DobsonDev Shortcodes allows Stored XSS. This issue affects DobsonDev Shortcodes: from n/a through 2.1.12.
4.3
CVE-2025-31752 - WordPress Bulk Fields Editor plugin <= 1.8.0 - Broken Access Control vulnerability
Missing Authorization vulnerability in termel Bulk Fields Editor allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Bulk Fields Editor: from n/a through 1.8.0.
6.5
CVE-2025-31751 - WordPress Breaking News WP Plugin <= 1.3 - CSRF to Settings Change vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in doit Breaking News WP allows Cross Site Request Forgery. This issue affects Breaking News WP: from n/a through 1.3.
5.9
CVE-2025-31750 - WordPress Breaking News WP Plugin <= 1.3 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in doit Breaking News WP allows Stored XSS. This issue affects Breaking News WP: from n/a through 1.3.
6.5
CVE-2025-31749 - WordPress HMH Footer Builder For Elementor plugin <= 1.0 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPelite HMH Footer Builder For Elementor allows Stored XSS. This issue affects HMH Footer Builder For Elementor: from n/a through 1.0.
6.5
CVE-2025-31748 - WordPress Opal Portfolio Plugin <= 1.0.4 - Stored Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wpopal Opal Portfolio allows Stored XSS. This issue affects Opal Portfolio: from n/a through 1.0.4.