0.0
CVE-2025-47590 - WordPress WPSpeed plugin <= 2.6.5 - Cross Site Request Forgery (CSRF) Vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in JExtensions Store WPSpeed wpspeed allows Cross Site Request Forgery.This issue affects WPSpeed: from n/a through <= 2.6.5.
0.0
CVE-2025-47589 - WordPress Ebook Store plugin <= 5.8009 - Cross Site Scripting (XSS) Vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in motov.net Ebook Store ebook-store allows DOM-Based XSS.This issue affects Ebook Store: from n/a through <= 5.8009.
0.0
CVE-2025-47587 - WordPress YaySMTP plugin <= 2.6.4 - SQL Injection Vulnerability
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in YayCommerce YaySMTP yaysmtp allows Blind SQL Injection.This issue affects YaySMTP: from n/a through <= 2.6.4.
0.0
CVE-2025-47551 - WordPress Wiki Embed plugin <= 1.4.6 - Cross Site Request Forgery (CSRF) to Settings Change vulneraβ¦
Cross-Site Request Forgery (CSRF) vulnerability in ctltwp Wiki Embed wiki-embed allows Cross Site Request Forgery.This issue affects Wiki Embed: from n/a through <= 1.4.6.
7.2
CVE-2025-47550 - WordPress Instantio plugin <= 3.3.16 - Arbitrary File Upload Vulnerability
Unrestricted Upload of File with Dangerous Type vulnerability in Themefic Instantio instantio allows Upload a Web Shell to a Web Server.This issue affects Instantio: from n/a through <= 3.3.16.
7.2
CVE-2025-47549 - WordPress BEAF plugin <= 4.6.10 - Arbitrary File Upload Vulnerability
Unrestricted Upload of File with Dangerous Type vulnerability in Themefic BEAF beaf-before-and-after-gallery allows Upload a Web Shell to a Web Server.This issue affects BEAF: from n/a through <= 4.6.10.
9.8
CVE-2025-47548 - WordPress Wbcom Designs - Activity Link Preview For BuddyPress plugin <= 1.4.4 - Server Side Requesβ¦
Server-Side Request Forgery (SSRF) vulnerability in Varun Dubey Wbcom Designs - Activity Link Preview For BuddyPress activity-link-preview-for-buddypress allows Server Side Request Forgery.This issue affects Wbcom Designs - Activity Link Preview For BuddyPress: from n/a through <= 1.4.4.
5.4
CVE-2025-47547 - WordPress SendPulse Email Marketing Newsletter plugin <= 2.1.6 - Cross Site Scripting (XSS) Vulneraβ¦
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in SendPulse SendPulse Email Marketing Newsletter sendpulse-email-marketing-newsletter allows Stored XSS.This issue affects SendPulse Email Marketing Newsletter: from n/a through <= 2.1.6.
8.8
CVE-2025-47546 - WordPress WP Compress plugin <= 6.30.30 - Cross Site Request Forgery (CSRF) Vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in AresIT WP Compress wp-compress-image-optimizer allows Cross Site Request Forgery.This issue affects WP Compress: from n/a through <= 6.30.30.
8.1
CVE-2025-47545 - WordPress Poll Maker plugin <= 5.7.7 - Race Condition Vulnerability
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') vulnerability in Ays Pro Poll Maker poll-maker allows Leveraging Race Conditions.This issue affects Poll Maker: from n/a through <= 5.7.7.