6.5
CVE-2025-30950 - WordPress All Currencies for WooCommerce plugin <= 2.4.3 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WP Wham All Currencies for WooCommerce woocommerce-all-currencies allows Stored XSS.This issue affects All Currencies for WooCommerce: from n/a through <= 2.4.3.
6.5
CVE-2025-30951 - WordPress BlockStrap Page Builder - Bootstrap Blocks plugin <= 0.1.36 - Cross Site Scripting (XSS) β¦
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Stiofan BlockStrap Page Builder - Bootstrap Blocks blockstrap-page-builder-blocks allows Stored XSS.This issue affects BlockStrap Page Builder - Bootstrap Blocks: from n/a through <= 0.1.36.
6.5
CVE-2025-30952 - WordPress Nexa Blocks plugin <= 1.1.0 - Cross Site Scripting (XSS) Vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wpdive Nexa Blocks nexa-blocks allows Stored XSS.This issue affects Nexa Blocks: from n/a through <= 1.1.0.
4.7
CVE-2025-30953 - WordPress WP Gravity Forms Salesforce plugin <= 1.4.7 - Open Redirection Vulnerability
URL Redirection to Untrusted Site ('Open Redirect') vulnerability in CRM Perks WP Gravity Forms Salesforce gf-salesforce-crmperks allows Phishing.This issue affects WP Gravity Forms Salesforce: from n/a through <= 1.4.7.
4.7
CVE-2025-30954 - WordPress WP Gravity Forms Constant Contact Plugin <= 1.1.0 - Open Redirection Vulnerability
URL Redirection to Untrusted Site ('Open Redirect') vulnerability in CRM Perks WP Gravity Forms Constant Contact Plugin gf-constant-contact allows Phishing.This issue affects WP Gravity Forms Constant Contact Plugin: from n/a through <= 1.1.0.
4.3
CVE-2025-30956 - WordPress Booqable Rental plugin <= 2.4.25 - Cross Site Request Forgery (CSRF) vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in Booqable Rental Software Booqable Rental booqable-rental-reservations allows Cross Site Request Forgery.This issue affects Booqable Rental: from n/a through <= 2.4.25.
5.4
CVE-2025-30957 - WordPress Activity Plus Reloaded for BuddyPress plugin <= 1.1.2 - Broken Access Control Vulnerabiliβ¦
Missing Authorization vulnerability in BuddyDev Activity Plus Reloaded for BuddyPress bp-activity-plus-reloaded allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Activity Plus Reloaded for BuddyPress: from n/a through <= 1.1.2.
5.4
CVE-2025-30958 - WordPress onOffice for WP-Websites plugin <= 6.5.1 - Broken Access Control vulnerability
Missing Authorization vulnerability in onOffice GmbH onOffice for WP-Websites onoffice-for-wp-websites allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects onOffice for WP-Websites: from n/a through <= 6.5.1.
5.4
CVE-2025-30968 - WordPress Advanced Post List plugin <= 0.5.6.2 - Cross Site Request Forgery (CSRF) Vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in jokerbr313 Advanced Post List advanced-post-list allows Cross Site Request Forgery.This issue affects Advanced Post List: from n/a through <= 0.5.6.2.
4.3
CVE-2025-30974 - WordPress Post Grid Master plugin <= 3.4.17 - Broken Access Control vulnerability
Missing Authorization vulnerability in Akhtarujjaman Shuvo Post Grid Master ajax-filter-posts allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Post Grid Master: from n/a through <= 3.4.17.