5.3
CVE-2025-49995 - WordPress Download Attachments plugin <= 1.3.1 - Insecure Direct Object References (IDOR) vulnerabiβ¦
Authorization Bypass Through User-Controlled Key vulnerability in dFactory Download Attachments download-attachments allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Download Attachments: from n/a through <= 1.3.1.
5.3
CVE-2025-49996 - WordPress WP Visitor Statistics (Real Time Traffic) plugin <= 8.4 - Broken Access Control vulnerabiβ¦
Missing Authorization vulnerability in osama.esh WP Visitor Statistics (Real Time Traffic) wp-stats-manager allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects WP Visitor Statistics (Real Time Traffic): from n/a through <= 8.4.
5.3
CVE-2025-49997 - WordPress Giveaways and Contests by RafflePress plugin <= 1.12.18 - Broken Access Control + CSRF Vuβ¦
Missing Authorization vulnerability in Syed Balkhi Giveaways and Contests by RafflePress rafflepress allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Giveaways and Contests by RafflePress: from n/a through <= 1.12.18.
5.4
CVE-2025-49998 - WordPress WooCommerce Fortnox Integration plugin <= 4.5.5 - Broken Access Control Vulnerability
Missing Authorization vulnerability in Wetail WooCommerce Fortnox Integration woocommerce-fortnox-integration allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WooCommerce Fortnox Integration: from n/a through <= 4.5.5.
5.4
CVE-2025-50008 - WordPress WooCommerce Manager β Customize and Control Cart page, Add to Cart button, Checkout fieldβ¦
Missing Authorization vulnerability in cscode WooCommerce Manager β Customize and Control Cart page, Add to Cart button, Checkout fields easily innovs-woo-manager allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WooCommerce Manager β Customize and Control Cβ¦
5.4
CVE-2025-50009 - WordPress Kata Plus plugin <= 1.5.3 - Broken Access Control Vulnerability
Missing Authorization vulnerability in Climax Themes Kata Plus kata-plus allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Kata Plus: from n/a through <= 1.5.3.
5.4
CVE-2025-50010 - WordPress Zapier for WordPress plugin <= 1.5.2 - Broken Access Control Vulnerability
Missing Authorization vulnerability in Zapier Zapier for WordPress zapier allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Zapier for WordPress: from n/a through <= 1.5.2.
5.9
CVE-2025-50011 - WordPress plugin Recipes manager - WPH <=1.0.4 - Cross Site Scripting (XSS) Vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in FΓ©lix MartΓnez Recipes manager - WPH allows Stored XSS. This issue affects Recipes manager - WPH: from n/a through 1.0.4.
5.9
CVE-2025-50012 - WordPress Inventory Presser plugin <= 15.2.6 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in fridaysystems Inventory Presser inventory-presser allows Stored XSS.This issue affects Inventory Presser: from n/a through <= 15.2.6.
5.9
CVE-2025-50013 - WordPress CSV Importer Improved plugin <= 0.6.1 - Cross Site Scripting (XSS) Vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Jason Judge CSV Importer Improved csv-importer-improved allows Stored XSS.This issue affects CSV Importer Improved: from n/a through <= 0.6.1.