7.1
CVE-2025-52785 - WordPress SMM API Plugin <= 6.0.30 - Broken Access Control Vulnerability
Missing Authorization vulnerability in softnwords SMM API allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects SMM API: from n/a through 6.0.30.
7.1
CVE-2025-52788 - WordPress CaptionPix <= 1.8 - Cross Site Scripting (XSS) Vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Russell Jamieson CaptionPix allows Reflected XSS. This issue affects CaptionPix: from n/a through 1.8.
7.3
CVE-2025-52800 - WordPress The E-Commerce ERP <= 2.1.1.3 - Broken Access Control Vulnerability
Missing Authorization vulnerability in Unity Business Technology Pty Ltd The E-Commerce ERP allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects The E-Commerce ERP: from n/a through 2.1.1.3.
7.3
CVE-2025-52801 - WordPress TheBooking Plugin <= 1.4.4 - Broken Access Control Vulnerability
Missing Authorization vulnerability in VonStroheim TheBooking allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects TheBooking: from n/a through 1.4.4.
7.5
CVE-2025-52806 - WordPress JobSearch Plugin <= 2.9.0 - Local File Inclusion Vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in eyecix JobSearch allows PHP Local File Inclusion. This issue affects JobSearch: from n/a through 2.9.0.
8.5
CVE-2025-52820 - WordPress WooCommerce Point Of Sale (POS) <= 1.4 - SQL Injection Vulnerability
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in infosoftplugin WooCommerce Point Of Sale (POS) allows SQL Injection. This issue affects WooCommerce Point Of Sale (POS): from n/a through 1.4.
8.5
CVE-2025-52823 - WordPress Cube Portfolio Plugin <= 1.16.8 - SQL Injection Vulnerability
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in ovatheme Cube Portfolio allows SQL Injection. This issue affects Cube Portfolio: from n/a through 1.16.8.
6.9
CVE-2025-8957 - Campcodes Online Flight Booking Management System flights.php sql injection
A vulnerability was determined in Campcodes Online Flight Booking Management System 1.0. Affected is an unknown function of the file /flights.php. The manipulation of the argument departure_airport_id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclos…
5.3
CVE-2025-8956 - D-Link DIR-818L ssdpcgi cgibin getenv command injection
A vulnerability was found in D-Link DIR-818L up to 1.05B01. This issue affects the function getenv of the file /htdocs/cgibin of the component ssdpcgi. The manipulation leads to command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
5.1
CVE-2025-7761 - Reflected XSS in Lepszy BIP
Lepszy BIP is vulnerable to Reflected Cross-Site Scripting (XSS). Improper input validation in index.php form in one of the parameters allows arbitrary JavaScript to be executed on victim's browser when specially crafted URL is opened. The vendor was contacted early about this disclosure but did n…