6.1
CVE-2025-67927 - WordPress Link Whisper Free plugin <= 0.8.8 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Spencer Haws Link Whisper Free link-whisper allows Reflected XSS.This issue affects Link Whisper Free: from n/a through <= 0.8.8.
8.8
CVE-2025-67926 - WordPress Fluent Support plugin <= 1.10.4 - Broken Access Control vulnerability
Missing Authorization vulnerability in Shahjahan Jewel Fluent Support fluent-support allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Fluent Support: from n/a through <= 1.10.4.
8.1
CVE-2025-67925 - WordPress Corpkit theme <= 2.0 - Local File Inclusion vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in zozothemes Corpkit corpkit allows PHP Local File Inclusion.This issue affects Corpkit: from n/a through <= 2.0.
9.8
CVE-2025-67924 - WordPress Corpkit theme <= 2.0 - Arbitrary File Upload vulnerability
Unrestricted Upload of File with Dangerous Type vulnerability in zozothemes Corpkit corpkit allows Upload a Web Shell to a Web Server.This issue affects Corpkit: from n/a through <= 2.0.
6.1
CVE-2025-67922 - WordPress Grand Restaurant theme < 7.0.9 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ThemeGoods Grand Restaurant grandrestaurant allows Reflected XSS.This issue affects Grand Restaurant: from n/a through < 7.0.9.
9.8
CVE-2025-67921 - WordPress Lobo theme < 2.8.6 - SQL Injection vulnerability
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in VanKarWai Lobo lobo allows Blind SQL Injection.This issue affects Lobo: from n/a through < 2.8.6.
9.8
CVE-2025-67920 - WordPress Neo Ocular theme < 1.2 - Local File Inclusion vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Elated-Themes Neo Ocular neoocular allows PHP Local File Inclusion.This issue affects Neo Ocular: from n/a through < 1.2.
8.1
CVE-2025-67919 - WordPress Woffice Core plugin <= 5.4.30 - Insecure Direct Object References (IDOR) vulnerability
Authorization Bypass Through User-Controlled Key vulnerability in WofficeIO Woffice Core woffice-core allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Woffice Core: from n/a through <= 5.4.30.
6.1
CVE-2025-67918 - WordPress Woffice theme <= 5.4.30 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WofficeIO Woffice woffice allows Reflected XSS.This issue affects Woffice: from n/a through <= 5.4.30.
8.1
CVE-2025-67917 - WordPress Traveler theme <= 3.2.6 - Broken Access Control vulnerability
Missing Authorization vulnerability in shinetheme Traveler traveler allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Traveler: from n/a through <= 3.2.6.