7.1
CVE-2025-24774 - WordPress WPCRM - CRM for Contact form CF7 & WooCommerce plugin <= 3.2.0 - Reflected Cross Site Scrβ¦
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in mojoomla WPCRM - CRM for Contact form CF7 & WooCommerce wpcrm allows Reflected XSS.This issue affects WPCRM - CRM for Contact form CF7 & WooCommerce: from n/a through <= 3.2.0.
8.8
CVE-2025-25171 - WordPress WP SmartPay plugin <= 2.7.13 - Account Takeover vulnerability
Authentication Bypass Using an Alternate Path or Channel vulnerability in Convers Lab WP SmartPay smartpay allows Authentication Abuse.This issue affects WP SmartPay: from n/a through <= 2.7.13.
7.1
CVE-2025-25173 - WordPress FastBook plugin <= 1.1 - Cross Site Scripting (XSS) Vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in FasterThemes FastBook fastbook-responsive-appointment-booking-and-scheduling-system allows Stored XSS.This issue affects FastBook: from n/a through <= 1.1.
7.1
CVE-2025-27361 - WordPress Photo Express for Google plugin <= 0.3.2 - Reflected Cross Site Scripting (XSS) vulnerabiβ¦
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in thhake Photo Express for Google photo-express-for-google allows Reflected XSS.This issue affects Photo Express for Google: from n/a through <= 0.3.2.
8.1
CVE-2025-28946 - WordPress PrintXtore theme < 1.7.8 - Local File Inclusion vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in BZOTheme PrintXtore bw-printxtore allows PHP Local File Inclusion.This issue affects PrintXtore: from n/a through < 1.7.8.
8.1
CVE-2025-28947 - WordPress MBStore - Digital WooCommerce WordPress Theme <= 2.3 - Local File Inclusion Vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in snstheme MBStore - Digital WooCommerce WordPress Theme mbstore allows PHP Local File Inclusion.This issue affects MBStore - Digital WooCommerce WordPress Theme: from n/a through β¦
7.1
CVE-2025-28956 - WordPress Backwp plugin <= 2.0.2 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wphobby Backwp backwp allows Reflected XSS.This issue affects Backwp: from n/a through <= 2.0.2.
7.1
CVE-2025-28960 - WordPress Evangelische Termine plugin <= 3.3 - Cross Site Scripting (XSS) Vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in regibaer Evangelische Termine evangtermine allows Reflected XSS.This issue affects Evangelische Termine: from n/a through <= 3.3.
9.8
CVE-2025-28970 - WordPress WP Optimize By xTraffic plugin <= 5.1.6 - PHP Object Injection Vulnerability
Deserialization of Untrusted Data vulnerability in pep.vn WP Optimize By xTraffic wp-optimize-by-xtraffic allows Object Injection.This issue affects WP Optimize By xTraffic: from n/a through <= 5.1.6.
7.1
CVE-2025-28988 - WordPress WP Front User Submit / Front Editor plugin <= 4.9.3 - Reflected Cross Site Scripting (XSSβ¦
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in aharonyan WP Front User Submit / Front Editor front-editor allows Reflected XSS.This issue affects WP Front User Submit / Front Editor: from n/a through <= 4.9.3.