7.2
CVE-2025-47550 - WordPress Instantio plugin <= 3.3.16 - Arbitrary File Upload Vulnerability
Unrestricted Upload of File with Dangerous Type vulnerability in Themefic Instantio instantio allows Upload a Web Shell to a Web Server.This issue affects Instantio: from n/a through <= 3.3.16.
7.2
CVE-2025-47549 - WordPress BEAF plugin <= 4.6.10 - Arbitrary File Upload Vulnerability
Unrestricted Upload of File with Dangerous Type vulnerability in Themefic BEAF beaf-before-and-after-gallery allows Upload a Web Shell to a Web Server.This issue affects BEAF: from n/a through <= 4.6.10.
9.8
CVE-2025-47548 - WordPress Wbcom Designs - Activity Link Preview For BuddyPress plugin <= 1.4.4 - Server Side Requesβ¦
Server-Side Request Forgery (SSRF) vulnerability in Varun Dubey Wbcom Designs - Activity Link Preview For BuddyPress activity-link-preview-for-buddypress allows Server Side Request Forgery.This issue affects Wbcom Designs - Activity Link Preview For BuddyPress: from n/a through <= 1.4.4.
5.4
CVE-2025-47547 - WordPress SendPulse Email Marketing Newsletter plugin <= 2.1.6 - Cross Site Scripting (XSS) Vulneraβ¦
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in SendPulse SendPulse Email Marketing Newsletter sendpulse-email-marketing-newsletter allows Stored XSS.This issue affects SendPulse Email Marketing Newsletter: from n/a through <= 2.1.6.
8.8
CVE-2025-47546 - WordPress WP Compress plugin <= 6.30.30 - Cross Site Request Forgery (CSRF) Vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in AresIT WP Compress wp-compress-image-optimizer allows Cross Site Request Forgery.This issue affects WP Compress: from n/a through <= 6.30.30.
8.1
CVE-2025-47545 - WordPress Poll Maker plugin <= 5.7.7 - Race Condition Vulnerability
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') vulnerability in Ays Pro Poll Maker poll-maker allows Leveraging Race Conditions.This issue affects Poll Maker: from n/a through <= 5.7.7.
7.2
CVE-2025-47544 - WordPress Dynamic Pricing With Discount Rules for WooCommerce plugin <= 4.5.8 - SQL Injection Vulneβ¦
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in acowebs Dynamic Pricing With Discount Rules for WooCommerce aco-woo-dynamic-pricing allows Blind SQL Injection.This issue affects Dynamic Pricing With Discount Rules for WooCommerce: from n/a throuβ¦
0.0
CVE-2025-47543 - WordPress TrueBooker plugin <= 1.0.7 - Cross Site Request Forgery (CSRF) Vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in themetechmount TrueBooker truebooker-appointment-booking allows Cross Site Request Forgery.This issue affects TrueBooker: from n/a through <= 1.0.7.
0.0
CVE-2025-47542 - WordPress Simple calendar for Elementor plugin <= 1.6.5 - Cross Site Request Forgery (CSRF) Vulneraβ¦
Cross-Site Request Forgery (CSRF) vulnerability in Michael Simple calendar for Elementor simple-calendar-for-elementor allows Cross Site Request Forgery.This issue affects Simple calendar for Elementor: from n/a through <= 1.6.5.
7.5
CVE-2025-47540 - WordPress weMail plugin <= 1.14.13 - Sensitive Data Exposure Vulnerability
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in weDevs weMail wemail allows Retrieve Embedded Sensitive Data.This issue affects weMail: from n/a through <= 1.14.13.