7.1
CVE-2025-49316 - WordPress WP2LEADS plugin <= 3.5.0 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Saleswonder Team: Tobias WP2LEADS wp2leads allows Reflected XSS.This issue affects WP2LEADS: from n/a through <= 3.5.0.
9.8
CVE-2025-49330 - WordPress Integration for Contact Form 7 and Zoho CRM, Bigin plugin <= 1.3.0 - PHP Object Injectionβ¦
Deserialization of Untrusted Data vulnerability in CRM Perks Integration for Contact Form 7 and Zoho CRM, Bigin cf7-zoho allows Object Injection.This issue affects Integration for Contact Form 7 and Zoho CRM, Bigin: from n/a through <= 1.3.0.
7.2
CVE-2025-49331 - WordPress eCommerce Product Catalog plugin <= 3.4.3 - PHP Object Injection Vulnerability
Deserialization of Untrusted Data vulnerability in impleCode eCommerce Product Catalog ecommerce-product-catalog allows Object Injection.This issue affects eCommerce Product Catalog: from n/a through <= 3.4.3.
7.6
CVE-2025-49854 - WordPress Slim SEO plugin <= 4.5.4 - SQL Injection Vulnerability
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Anh Tran Slim SEO slim-seo allows SQL Injection.This issue affects Slim SEO: from n/a through <= 4.5.4.
6.5
CVE-2025-49855 - WordPress Meks Flexible Shortcodes plugin <= 1.3.7 - Cross Site Scripting (XSS) Vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Meks Meks Flexible Shortcodes meks-flexible-shortcodes allows DOM-Based XSS.This issue affects Meks Flexible Shortcodes: from n/a through <= 1.3.7.
4.3
CVE-2025-49856 - WordPress Responsive Plus plugin <= 3.2.2 - Cross Site Request Forgery (CSRF) to Settings Change vuβ¦
Cross-Site Request Forgery (CSRF) vulnerability in CyberChimps Responsive Plus responsive-add-ons allows Cross Site Request Forgery.This issue affects Responsive Plus: from n/a through <= 3.2.2.
4.3
CVE-2025-49857 - WordPress myCred plugin <= 2.9.4.2 - Broken Access Control Vulnerability
Missing Authorization vulnerability in Saad Iqbal myCred mycred allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects myCred: from n/a through <= 2.9.4.2.
6.5
CVE-2025-49858 - WordPress Arconix Shortcodes plugin <= 2.1.17 - Cross Site Scripting (XSS) Vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in tychesoftwares Arconix Shortcodes arconix-shortcodes allows Stored XSS.This issue affects Arconix Shortcodes: from n/a through <= 2.1.17.
6.5
CVE-2025-49859 - WordPress WP Views Counter plugin <= 2.0.3 - Cross Site Scripting (XSS) Vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in etruel WP Views Counter wpecounter allows Stored XSS.This issue affects WP Views Counter: from n/a through <= 2.0.3.
6.5
CVE-2025-49861 - WordPress Kama Click Counter plugin <= 4.0.3 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Timur Kamaev Kama Click Counter kama-clic-counter allows Stored XSS.This issue affects Kama Click Counter: from n/a through <= 4.0.3.