7.5
CVE-2025-53257 - WordPress Gmedia Photo Gallery plugin <= 1.23.0 - Local File Inclusion Vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Serhii Pasyuk Gmedia Photo Gallery grand-media allows PHP Local File Inclusion.This issue affects Gmedia Photo Gallery: from n/a through <= 1.23.0.
7.6
CVE-2025-53256 - WordPress YaySMTP plugin <= 2.6.6 - SQL Injection Vulnerability
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in YayCommerce YaySMTP yaysmtp allows SQL Injection.This issue affects YaySMTP: from n/a through <= 2.6.6.
5.3
CVE-2025-53255 - WordPress HurryTimer plugin <= 2.13.1 - Broken Access Control Vulnerability
Missing Authorization vulnerability in Nabil Lemsieh HurryTimer hurrytimer allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects HurryTimer: from n/a through <= 2.13.1.
4.3
CVE-2025-53254 - WordPress Cyrlitera plugin <= 1.3.0 - Cross Site Request Forgery (CSRF) vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in Themeisle Cyrlitera cyrlitera allows Cross Site Request Forgery.This issue affects Cyrlitera: from n/a through <= 1.3.0.
5.9
CVE-2025-53253 - WordPress WP Edit plugin <= 4.0.4 - Cross Site Scripting (XSS) Vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Josh WP Edit wp-edit allows Stored XSS.This issue affects WP Edit: from n/a through <= 4.0.4.
5.3
CVE-2025-53211 - WordPress Audio Editor & Recorder plugin <= 2.2.3 - Sensitive Data Exposure Vulnerability
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Roland Beaussant Audio Editor & Recorder audio-editor-recorder allows Retrieve Embedded Sensitive Data.This issue affects Audio Editor & Recorder: from n/a through <= 2.2.3.
6.5
CVE-2025-53206 - WordPress HT Mega β Absolute Addons for WPBakery Page Builder plugin <= 1.0.8 - Cross Site Scriptinβ¦
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in HT Plugins HT Mega β Absolute Addons for WPBakery Page Builder ht-mega-for-wpbakery allows Stored XSS.This issue affects HT Mega β Absolute Addons for WPBakery Page Builder: from n/a through <= 1.0β¦
4.3
CVE-2025-53203 - WordPress WooCommerce PDF Invoice Builder plugin <= 1.2.148 - Cross Site Request Forgery (CSRF) Vulβ¦
Cross-Site Request Forgery (CSRF) vulnerability in EDGARROJAS WooCommerce PDF Invoice Builder woo-pdf-invoice-builder allows Cross Site Request Forgery.This issue affects WooCommerce PDF Invoice Builder: from n/a through <= 1.2.148.
6.5
CVE-2025-53202 - WordPress Responsive Blocks plugin <= 2.0.6 - Cross Site Scripting (XSS) Vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CyberChimps Responsive Blocks responsive-block-editor-addons allows DOM-Based XSS.This issue affects Responsive Blocks: from n/a through <= 2.0.6.
4.3
CVE-2025-53200 - WordPress ChatBot plugin <= 6.7.3 - Broken Access Control Vulnerability
Missing Authorization vulnerability in QuantumCloud ChatBot chatbot allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects ChatBot: from n/a through <= 6.7.3.