0.0
CVE-2025-47636 - WordPress List category posts plugin <= 0.91.0 - Local File Inclusion Vulnerability
Path Traversal: '.../...//' vulnerability in Fernando Briano List category posts list-category-posts allows PHP Local File Inclusion.This issue affects List category posts: from n/a through <= 0.91.0.
9.8
CVE-2025-47635 - WordPress WebinarPress plugin <= 1.33.28 - Server Side Request Forgery (SSRF) Vulnerability
Server-Side Request Forgery (SSRF) vulnerability in WPWebinarSystem WebinarPress wp-webinarsystem allows Server Side Request Forgery.This issue affects WebinarPress: from n/a through <= 1.33.28.
8.8
CVE-2025-47633 - WordPress Awin β Advertiser Tracking for WooCommerce plugin <= 2.0.0 - CSRF to Product Feed Regenerβ¦
Cross-Site Request Forgery (CSRF) vulnerability in Awin Awin β Advertiser Tracking for WooCommerce awin-advertiser-tracking allows Cross Site Request Forgery.This issue affects Awin β Advertiser Tracking for WooCommerce: from n/a through <= 2.0.0.
5.4
CVE-2025-47632 - WordPress Awesome Gallery plugin <= 1.0 - Cross Site Scripting (XSS) Vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Raihanul Islam Awesome Gallery awesome-gallery allows Stored XSS.This issue affects Awesome Gallery: from n/a through <= 1.0.
5.4
CVE-2025-47630 - WordPress Ajax Load More plugin <= 7.3.1.2 - Cross Site Scripting (XSS) Vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Darren Cooney Ajax Load More ajax-load-more allows Stored XSS.This issue affects Ajax Load More: from n/a through <= 7.3.1.2.
7.2
CVE-2025-47629 - WordPress WP-CRM System plugin <= 3.4.5 - PHP Object Injection vulnerability
Deserialization of Untrusted Data vulnerability in Mario Peshev WP-CRM System wp-crm-system allows Object Injection.This issue affects WP-CRM System: from n/a through <= 3.4.5.
8.8
CVE-2025-47628 - WordPress QS Dark Mode plugin <= 3.0 - Broken Access Control Vulnerability
Missing Authorization vulnerability in quomodosoft QS Dark Mode qs-dark-mode allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects QS Dark Mode: from n/a through <= 3.0.
4.8
CVE-2025-47626 - WordPress Submission DOM tracking for Contact Form 7 plugin <= 2.1 - Cross Site Scripting (XSS) vulβ¦
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in apasionados Submission DOM tracking for Contact Form 7 cf7-submission-dom-tracking allows Stored XSS.This issue affects Submission DOM tracking for Contact Form 7: from n/a through <= 2.1.
4.8
CVE-2025-47625 - WordPress DoFollow Case by Case plugin <= 3.5.1 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in apasionados DoFollow Case by Case dofollow-case-by-case allows Stored XSS.This issue affects DoFollow Case by Case: from n/a through <= 3.5.1.
8.8
CVE-2025-47624 - WordPress DoFollow Case by Case plugin <= 3.5.1 - Cross Site Request Forgery (CSRF) vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in apasionados DoFollow Case by Case dofollow-case-by-case allows Cross Site Request Forgery.This issue affects DoFollow Case by Case: from n/a through <= 3.5.1.